Windows Analysis Report
download.exe

Overview

General Information

Sample name: download.exe
Analysis ID: 1562775
MD5: 42131ad9cd6ff5801461b1071581a091
SHA1: 8b14015ad7e0c90a41e6f6bd00e9c849b1a9e6ab
SHA256: 72502d27fda56e265bb8ced8b4735df100bb300b783269a4e5e7bc936e154b2e

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Early bird code injection technique detected
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64native
  • download.exe (PID: 2108 cmdline: "C:\Users\user\Desktop\download.exe" MD5: 42131AD9CD6FF5801461B1071581A091)
    • svchost.exe (PID: 8160 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7C999040D80E5BF87886D70D992C51E)
      • fontdrvhost.exe (PID: 3576 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: AB7AB4CF816D091EEE234C1D9BC4FD13)
        • chrome.exe (PID: 5152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: BB7C48CDDDE076E7EB44022520F40F77)
          • WerFault.exe (PID: 2088 cmdline: C:\Windows\system32\WerFault.exe -u -p 5152 -s 592 MD5: 5C06542FED8EE68994D43938E7326D75)
        • chrome.exe (PID: 5540 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrDCBF.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/f4698726/75fae57d" MD5: BB7C48CDDDE076E7EB44022520F40F77)
          • chrome.exe (PID: 4232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2488,i,6324837096866850942,9732983909897042519,262144 --variations-seed-version --mojo-platform-channel-handle=2612 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)
        • msedge.exe (PID: 5376 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrE53C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/f4698726/6e5a1ad9" MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
          • msedge.exe (PID: 5004 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15793817240475235178,5851487067123892181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
        • wmlaunch.exe (PID: 8624 cmdline: "C:\Program Files\Windows Media Player\wmlaunch.exe" MD5: C8BCC18E4197CD207596A0AD4CDAACAC)
          • dllhost.exe (PID: 8656 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • elevation_service.exe (PID: 5932 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe" MD5: E2FC40F6677D44EF89D6C6D15CB4BB4B)
  • msedge.exe (PID: 1676 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --do-not-de-elevate http://127.0.0.1:8000/f4698726/6e5a1ad9 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
    • msedge.exe (PID: 6248 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15667601441087912000,15476632491186070827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
  • cleanup
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution:
  • Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000003.144624602568.00000000006D0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000002.00000002.144718291811.00000000032C0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000000.00000003.144630604102.0000000000E20000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.3.download.exe.3320000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
2.3.svchost.exe.5270000.6.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
2.3.svchost.exe.5270000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
2.3.svchost.exe.5270000.0.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
0.3.download.exe.3100000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
Source: Network Connection, Author: bartblaze, Data: DestinationIp: 95.182.97.106, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 8656, Protocol: tcp, SourceIp: 192.168.11.20, SourceIsIpv6: false, SourcePort: 51988
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\download.exe", ParentImage: C:\Users\user\Desktop\download.exe, ParentProcessId: 2108, ParentProcessName: download.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 8160, ProcessName: svchost.exe
Source: Process started, Author: vburov, Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\download.exe", ParentImage: C:\Users\user\Desktop\download.exe, ParentProcessId: 2108, ParentProcessName: download.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 8160, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-26T01:09:26.873254+0100 | 2854824 | 2 | Potentially Bad Traffic | 95.182.97.106 | 5980 | 192.168.11.20 | 51986 | TCP
2024-11-26T01:09:40.113105+0100 | 2854824 | 2 | Potentially Bad Traffic | 95.182.97.106 | 5980 | 192.168.11.20 | 51987 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-26T01:09:04.874732+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 5980 | 192.168.11.20 | 49757 | TCP
2024-11-26T01:09:26.873254+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 5980 | 192.168.11.20 | 51986 | TCP
2024-11-26T01:09:40.113105+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 5980 | 192.168.11.20 | 51987 | TCP
2024-11-26T01:09:47.980901+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51988 | TCP
2024-11-26T01:09:54.587360+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51989 | TCP
2024-11-26T01:10:01.222770+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51990 | TCP
2024-11-26T01:10:07.844815+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51991 | TCP
2024-11-26T01:10:14.467577+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51992 | TCP
2024-11-26T01:10:21.095644+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51993 | TCP
2024-11-26T01:10:27.711777+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51994 | TCP
2024-11-26T01:10:34.334854+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51995 | TCP
2024-11-26T01:10:40.959583+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51996 | TCP
2024-11-26T01:10:47.585449+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51997 | TCP
2024-11-26T01:10:54.179842+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51998 | TCP
2024-11-26T01:11:00.812960+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 95.182.97.106 | 443 | 192.168.11.20 | 51999 | TCP

AV Detection

Source: download.exe, Avira: detected
Source: download.exe, Virustotal: Detection: 51%
Source: download.exe, Joe Sandbox ML: detected
Source: C:\Windows\System32\fontdrvhost.exe, Code function: 3_3_00007DF40F7760C4 CryptUnprotectData, 3_3_00007DF40F7760C4
Source: download.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51988 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51989 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51990 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51991 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51992 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51993 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51994 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51995 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51996 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51997 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51998 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51999 version: TLS 1.2
Source: download.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\download.exe, Code function: 0_2_00731B09 FindFirstFileExW, 0_2_00731B09
Source: C:\Windows\System32\fontdrvhost.exe, Code function: 3_3_00007DF40F770B54 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW, 3_3_00007DF40F770B54
Source: C:\Windows\System32\fontdrvhost.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
Source: C:\Windows\System32\fontdrvhost.exe, File opened: C:\Users\user\AppData\Local\Adobe
Source: C:\Windows\System32\fontdrvhost.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat
Source: C:\Windows\System32\fontdrvhost.exe, File opened: C:\Users\user\AppData\Local
Source: C:\Windows\System32\fontdrvhost.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
Source: C:\Windows\System32\fontdrvhost.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
Source: C:\Windows\System32\fontdrvhost.exe, Code function: 4x nop then dec esp, 3_3_00007DF40F781761
Source: C:\Windows\System32\fontdrvhost.exe, Code function: 4x nop then dec esp, 3_2_000002DF102C0511
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Code function: 4x nop then dec esp, 4_2_000001E604F31761
Source: C:\Program Files\Windows Media Player\wmlaunch.exe, Code function: 4x nop then ret, 19_2_0000018A5292108E
Source: C:\Program Files\Windows Media Player\wmlaunch.exe, Code function: 4x nop then dec esp, 19_2_0000018A52925681
Source: chrome.exe, Memory has grown: Private usage: 2MB later: 18MB

Networking

Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:5980 -> 192.168.11.20:49757
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51991
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51992
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51988
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51998
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51990
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51996
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51993
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51999
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51994
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51989
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:5980 -> 192.168.11.20:51986
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:5980 -> 192.168.11.20:51987
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51997
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51995
Source: C:\Windows\SysWOW64\svchost.exe, Network Connect: 95.182.97.106 5980
Source: global traffic, TCP traffic: 95.182.97.106 ports 5980,0,443,5,8,9
Source: global traffic, TCP traffic: 192.168.11.20:49757 -> 95.182.97.106:5980
Source: Joe Sandbox View, IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View, JA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
Source: Network traffic, Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 95.182.97.106:5980 -> 192.168.11.20:51986
Source: Network traffic, Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 95.182.97.106:5980 -> 192.168.11.20:51987
Source: unknown, TCP traffic detected without corresponding DNS query: 95.182.97.106
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F7A9C90 WSARecv,3_3_00007DF40F7A9C90
                      Source: fontdrvhost.exe, 00000003.00000003.144885676844.000002DF128A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .com"},{"applied_policy":"prompt","domain":"www.facebook.com"},{"applied_policy":"prompt","domain":"www.instagram.com"}, equals www.facebook.com (Facebook)
                      Source: global trafficDNS traffic detected: DNS query: time.cloudflare.com
                      Source: global trafficDNS traffic detected: DNS query: ntp.time.nl
                      Source: global trafficDNS traffic detected: DNS query: time.windows.com
                      Source: global trafficDNS traffic detected: DNS query: ntp.nict.jp
                      Source: global trafficDNS traffic detected: DNS query: gbg1.ntp.se
                      Source: global trafficDNS traffic detected: DNS query: ntp.time.in.ua
                      Source: global trafficDNS traffic detected: DNS query: ntp1.hetzner.de
                      Source: global trafficTCP traffic: 192.168.11.20:59210 -> 239.255.255.250:1900
                      Source: global trafficTCP traffic: 192.168.11.20:60589 -> 239.255.255.250:1900
                      Source: chrome.exe, 00000009.00000002.144867247297.000048DC00C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144864269062.000048DC00777000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1/
                      Source: chrome.exe, 00000009.00000002.144867247297.000048DC00C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1/?C
                      Source: chrome.exe, 00000009.00000002.144861198675.000048DC0013C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/
                      Source: msedge.exe, 0000000B.00000002.144890987910.000050C000044000.00000004.00000800.00020000.00000000.sdmp, Session_13377053363756224.14.dr, History.14.dr, Tabs_13377053363765091.14.dr String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9
                      Source: fontdrvhost.exe, 00000003.00000003.144887695196.000002DF12618000.00000004.00000020.00020000.00000000.sdmp, History.14.dr String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9/
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9P
                      Source: fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10610000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9UJa
                      Source: msedge.exe, 0000000B.00000002.144887394001.000002164ECFB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9User
                      Source: chrome.exe, 00000009.00000002.144858344920.000018180002C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144860025767.000048D8000E9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868409498.000048DC00E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867610970.000048DC00D10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144857507794.000008180002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/75fae57d
                      Source: chrome.exe, 00000009.00000002.144861609001.000048DC001BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144865807200.000048DC009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/75fae57d0(p
                      Source: fontdrvhost.exe, 00000003.00000003.144926580188.000002DF1263B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://1270.1:
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42263969
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264071
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264193
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264287
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264422
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264443
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264446
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264571
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264577
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264669
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264767
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42264951
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265147
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265186
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265248
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265353
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265369
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265370
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265407
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265429
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265509
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265516
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265647
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265841
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265878
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42265957
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266019
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266021
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266024
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266194
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266231
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266232
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266602
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266652
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266666
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266725
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861949780.000048DC00294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266842
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266906
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42266976
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42267038
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42267057
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42267095
                      Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/42267113
                      Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                      Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4339
                      Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                      Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                      Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                      Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                      Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                      Source: svchost.exe, 00000002.00000002.144716981333.0000000002C3C000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.144717744264.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF106AD000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144885805243.000002DF106B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144824904520.000002DF106AD000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851950121.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886783830.000002DF106B5000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145099971418.000002DF106D6000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100578013.000002DF106AF000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853625533.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945809110.000002DF106B0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 
00000003.00000003.144942503856.000002DF106B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851244286.000002DF106AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.182.97.106:5980/363881569c00eea8aaf3/pmgoamua.jpbdq
                      Source: svchost.exe, 00000002.00000002.144717744264.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://95.182.97.106:5980/363881569c00eea8aaf3/pmgoamua.jpbdqkernelbasentdllkernel32GetProcessMitig
                      Source: svchost.exe, 00000002.00000002.144716981333.0000000002C3C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://95.182.97.106:5980/363881569c00eea8aaf3/pmgoamua.jpbdqx
                      Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                      Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                      Source: chrome.exe, 00000009.00000002.144864792512.000048DC00814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=128
                      Source: svchost.exe, 00000002.00000003.144674407342.00000000031A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000002.00000003.144674407342.00000000031A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: fontdrvhost.exe, 00000003.00000003.144893733877.000002DF128A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com
                      Source: fontdrvhost.exe, 00000003.00000003.144893733877.000002DF128A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com
                      Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B9AB9339B
                      Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE
                      Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                      Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-GB&attribution_code=c291cm
                      Source: chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                      Source: chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                      Source: fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144866680698.000048DC00B68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp, Web Data.14.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: fontdrvhost.exe, 00000003.00000003.144882410038.000002DF128E2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmp, Web Data.14.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                      Source: fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, Web Data.14.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144866680698.000048DC00B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                      Source: chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=searchTerms
                      Source: msedge.exe, 0000000B.00000002.144891250357.000050C0000A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/155487768
                      Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                      Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                      Source: msedge.exe, 0000000B.00000002.144891957226.000050C0001D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.144878420361.000050C0001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097N
                      Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                      Source: msedge.exe, 0000000B.00000002.144891957226.000050C0001D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.144878420361.000050C0001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002O
                      Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                      Source: msedge.exe, 0000000B.00000002.144891957226.000050C0001D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.144878420361.000050C0001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444O
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/288119108
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/292282210
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/292285899
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/309028728
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/328301788
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/328837151
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/336844257
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/347601787
                      Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/349489248
                      Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                      Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292K
                      Source: chrome.exe, 00000009.00000002.144866538607.000048DC00B2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
                      Source: fontdrvhost.exe, 00000003.00000003.144854279182.000002DF128B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893246921.000002DF125B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853938085.000002DF128B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lh5.googleusercontent.com/p/AF1QipOvNh-L3TTVll_wDyQd66TEaShUCp3i0iabc8se=w92-h92-n-k-no
                      Source: fontdrvhost.exe, 00000003.00000003.144854279182.000002DF128B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893246921.000002DF125B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853938085.000002DF128B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lh5.googleusercontent.com/p/AF1QipPFr704HJkdqZ5xefxGs53Btx8SeAbaCnWxa6-y=w92-h92-n-k-no
                      Source: fontdrvhost.exe, 00000003.00000003.144927915441.000002DF126C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lo.live.com/
                      Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852844138.000002DF128B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852716064.000002DF1264B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 
00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
                      Source: fontdrvhost.exe, 00000003.00000003.144852844138.000002DF128B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852716064.000002DF1264B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
                      Source: fontdrvhost.exe, 00000003.00000003.144852844138.000002DF128B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852716064.000002DF1264B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
                      Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
                      Source: msedge.exe, 0000000B.00000002.144891250357.000050C0000A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                      Source: msedge.exe, 0000000B.00000002.144891250357.000050C0000A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                      Source: chrome.exe, 00000009.00000002.144866229742.000048DC00A74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
                      Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
                      Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
                      Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myshop.amplify.com/cart
                      Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
                      Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
                      Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
                      Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10601000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854403336.000002DF1062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packetstormsecurity.com/files/download/22459/BIOS320.EXE
                      Source: fontdrvhost.exe, 00000003.00000003.144853253505.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packetstormsecurity.com/https://packetstormsecurity.com/files/download/22459/BIOS320.EXEhttp
                      Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://passwords.google/
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ListAccounts?json=standard
                      Source: msedge.exe, 0000000B.00000002.144891807084.000050C0001A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                      Source: msedge.exe, 0000000B.00000003.144879897157.000050C00045C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144892590425.000050C00045C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/devicemanagement/data/api
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/reauth/chromeos
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/chrome/usermenu
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignin/chromeos
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignup/chromeos
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignup/chromeosPortable
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/v2/chromeos
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/windows
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/xreauth/chrome
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop
                      Source: msedge.exe, 0000000B.00000002.144891281735.000050C0000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth/GetOAuthToken/
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth/GetOAuthToken/https://permanently-removed.invalid/GetChe
                      Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/signin/chrome/sync?ssp=1
                      Source: msedge.exe, 0000000B.00000003.144878420361.000050C0001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/events
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poshmark.com/bundles/shop
                      Source: chrome.exe, 00000009.00000002.144862458609.000048DC00370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                      Source: chrome.exe, 00000009.00000002.144861236074.000048DC0014C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144863872129.000048DC0068C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsingohttpgateway.googleapis.com/v1/ohttp/hpkekeyconfig?key=AIzaSyBOti4mM-6x9WDnZIjIe
                      Source: chrome.exe, 00000009.00000002.144860859825.000048DC000A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                      Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/8u301-b09/d3c52aa6bfa54d3ca74e617f18309292/JavaSetup8u301
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure-oldnavy.gap.com/shopping-bag
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.homesquare.com/Checkout/Cart.aspx
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hottopic.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hsn.com/checkout/bag
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ikea.com/us/en/shoppingcart/
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.jcpenney.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.jcrew.com/checkout/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.joann.com/cart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.kohls.com/checkout/shopping_cart.jsp
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.landsend.com/shopping-bag/
                      Source: chrome.exe, 00000009.00000002.144863406370.000048DC00574000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.llbean.com/webapp/wcs/stores/servlet/LLBShoppingCartDisplay
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.lowes.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.lulus.com/checkout/bag
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.macys.com/my-bag
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.midwayusa.com/cart
                      Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854403336.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-release
                      Source: fontdrvhost.exe, 00000003.00000003.144853253505.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-releasehttps://www.mozilla.org/en-GB/fire
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.neimanmarcus.com/checkout/cart.jsp
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nike.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nordstrom.com/shopping-bag
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.officedepot.com/cart/shoppingCart.do
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.opticsplanet.com/checkout/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.otterbox.com/en-us/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.overstock.com/cart
                      Source: chrome.exe, 00000009.00000002.144864919143.000048DC00858000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.pacsun.com/on/demandware.store/Sites-pacsun-Site/default/Cart-Show
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.petsmart.com/cart/
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.pier1.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.pokemoncenter.com/cart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.potterybarn.com/shoppingcart/
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.qvc.com/checkout/cart.html
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.redbubble.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.rei.com/ShoppingCart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.revolve.com/r/ShoppingBag.jsp
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.rockauto.com/en/cart/
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.saksfifthavenue.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.samsclub.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sephora.com/basket
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.shutterfly.com/cart/
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.staples.com/cc/mmx/cart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sweetwater.com/store/cart.php
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.talbots.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.target.com/cart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.teacherspayteachers.com/Cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.therealreal.com/cart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tractorsupply.com/TSCShoppingCartView
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ulta.com/bag
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.underarmour.com/en-us/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.urbanoutfitters.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.vitalsource.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.walgreens.com/cart/view-ui
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.walmart.com/cart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wayfair.com/v/checkout/basket/show
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.weightwatchers.com/us/shop/checkout/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.westelm.com/shoppingcart/
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wiley.com/en-us/cart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.williams-sonoma.com/shoppingcart/
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wish.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zappos.com/cart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zazzle.com/co/cart
                      Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zennioptical.com/shoppingCart
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www2.hm.com/en_us/cart
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51988 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51989 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51990 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51991 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51992 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51993 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51994 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51995 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51996 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51997 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51998 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51999 version: TLS 1.2
                      Source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: DirectInput8Create memstr_e3f64e16-0
                      Source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: GetRawInputData memstr_d7e74f50-e
                      Source: Yara match; File source: 0.3.download.exe.3320000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.3.svchost.exe.5270000.6.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.3.svchost.exe.5270000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.3.svchost.exe.5270000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.3.download.exe.3100000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.3.svchost.exe.5490000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: download.exe PID: 2108, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: svchost.exe PID: 8160, type: MEMORYSTR
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F7708A0 CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_000002DF102730C7 NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlFreeHeap,RtlFreeHeap
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77FCA0 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77FBE0 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E924 NtAcceptConnectPort,calloc,DuplicateHandle,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77F950 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F780894 NtAcceptConnectPort,NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F7807C8 NtAcceptConnectPort,NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E5B4 CreateFileMappingW,MapViewOfFile,DuplicateHandle,NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77F5E0 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E3FC NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E3DC NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E2F8 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77F340 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E208 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E270 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E184 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77F194 RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E1B0 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E164 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_3_00007DF40F77E0A8 NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_2_000002DF102C1AA4 NtAcceptConnectPort,NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_2_000002DF102C0AC8 NtAcceptConnectPort,NtAcceptConnectPort
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_2_000002DF102C1CF4 NtAcceptConnectPort,CloseHandle
                      Source: C:\Windows\System32\fontdrvhost.exe; Code function: 3_2_000002DF102C15C0 NtAcceptConnectPort
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Code function: 4_2_000001E604F2E354 NtAcceptConnectPort
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Code function: 4_2_000001E604F2E11C NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_3_00007DF4C6851CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_3_00007DF4C6851958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A5293290C NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A52932A20 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A52933158 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A52932E84 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A52932EC8 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A52932CAC NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A52932DDC NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A52932D80 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe; Code function: 19_2_0000018A52932DAC NtAcceptConnectPort
                      Source: C:\Windows\System32\dllhost.exe; Code function: 20_2_000001AFE8633970 NtQuerySystemInformation
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F7A52743_3_00007DF40F7A5274
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F8432783_3_00007DF40F843278
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F7BD2203_3_00007DF40F7BD220
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F7CD1C83_3_00007DF40F7CD1C8
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F7621F03_3_00007DF40F7621F0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F83A11C3_3_00007DF40F83A11C
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F7710903_3_00007DF40F771090
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F83E0303_3_00007DF40F83E030
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F7510583_3_00007DF40F751058
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F755F9C3_3_00007DF40F755F9C
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_2_000002DF102C0C703_2_000002DF102C0C70
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F0F9C04_2_000001E604F0F9C0
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F1E9444_2_000001E604F1E944
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F48AE84_2_000001E604F48AE8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F6CADC4_2_000001E604F6CADC
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F17AB44_2_000001E604F17AB4
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FEEA8C4_2_000001E604FEEA8C
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F60A544_2_000001E604F60A54
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FFAA344_2_000001E604FFAA34
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FEDC144_2_000001E604FEDC14
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F2CBFC4_2_000001E604F2CBFC
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F5CC044_2_000001E604F5CC04
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F56B644_2_000001E604F56B64
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FDDB484_2_000001E604FDDB48
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F6CCB84_2_000001E604F6CCB8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F5EC784_2_000001E604F5EC78
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F53C684_2_000001E604F53C68
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F555C04_2_000001E604F555C0
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FEE5744_2_000001E604FEE574
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FEE6F44_2_000001E604FEE6F4
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FED6DC4_2_000001E604FED6DC
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F757A44_2_000001E604F757A4
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F538DC4_2_000001E604F538DC
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F208A04_2_000001E604F208A0
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F0286C4_2_000001E604F0286C
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F6D2204_2_000001E604F6D220
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F121F04_2_000001E604F121F0
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F7D1C84_2_000001E604F7D1C8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F552744_2_000001E604F55274
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FE23584_2_000001E604FE2358
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FAA3484_2_000001E604FAA348
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F7133C4_2_000001E604F7133C
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FFA5184_2_000001E604FFA518
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FE74F84_2_000001E604FE74F8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F3D44C4_2_000001E604F3D44C
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F6CDC84_2_000001E604F6CDC8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F5FEF84_2_000001E604F5FEF8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F20EC84_2_000001E604F20EC8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F05F9C4_2_000001E604F05F9C
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FEA11C4_2_000001E604FEA11C
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F210904_2_000001E604F21090
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604F010584_2_000001E604F01058
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E6050010084_2_000001E605001008
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 4_2_000001E604FEE0304_2_000001E604FEE030
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_3_00007DF4C685220419_3_00007DF4C6852204
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_3_00007DF4C6854EFC19_3_00007DF4C6854EFC
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_3_00007DF4C685392C19_3_00007DF4C685392C
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5292C2D019_2_0000018A5292C2D0
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293321819_2_0000018A52933218
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5292262C19_2_0000018A5292262C
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293EABC19_2_0000018A5293EABC
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A52966C0819_2_0000018A52966C08
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293E40419_2_0000018A5293E404
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295D3C819_2_0000018A5295D3C8
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A529560EC19_2_0000018A529560EC
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5296011419_2_0000018A52960114
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5294786819_2_0000018A52947868
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A529550A419_2_0000018A529550A4
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5294089819_2_0000018A52940898
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5296422119_2_0000018A52964221
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295522419_2_0000018A52955224
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295420C19_2_0000018A5295420C
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A52960A4419_2_0000018A52960A44
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293723419_2_0000018A52937234
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295F15819_2_0000018A5295F158
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295F9A419_2_0000018A5295F9A4
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295474419_2_0000018A52954744
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293D73019_2_0000018A5293D730
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A52947E5819_2_0000018A52947E58
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A52948E8819_2_0000018A52948E88
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293CE7019_2_0000018A5293CE70
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5294467819_2_0000018A52944678
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295669C19_2_0000018A5295669C
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A52935FCC19_2_0000018A52935FCC
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295AFF019_2_0000018A5295AFF0
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5294E02819_2_0000018A5294E028
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5296104819_2_0000018A52961048
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A529214D019_2_0000018A529214D0
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A529474EC19_2_0000018A529474EC
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293FD3C19_2_0000018A5293FD3C
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A52950C4C19_2_0000018A52950C4C
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5295F4B819_2_0000018A5295F4B8
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293C5D819_2_0000018A5293C5D8
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5296156419_2_0000018A52961564
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A5293758019_2_0000018A52937580
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A52955D8419_2_0000018A52955D84
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A52959DA819_2_0000018A52959DA8
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_0000018A529555BC19_2_0000018A529555BC
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeCode function: 19_2_00007DF4C68622CC19_2_00007DF4C68622CC
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE863745420_2_000001AFE8637454
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE8653C6020_2_000001AFE8653C60
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE863BD4020_2_000001AFE863BD40
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE8649E1020_2_000001AFE8649E10
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE865C62020_2_000001AFE865C620
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE864E5FC20_2_000001AFE864E5FC
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE864A5D820_2_000001AFE864A5D8
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE8638ECC20_2_000001AFE8638ECC
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE863C6AC20_2_000001AFE863C6AC
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE8661F2820_2_000001AFE8661F28
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE864AEF020_2_000001AFE864AEF0
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE86526D420_2_000001AFE86526D4
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE863D6DC20_2_000001AFE863D6DC
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE8648F9820_2_000001AFE8648F98
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE865478020_2_000001AFE8654780
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE865C78820_2_000001AFE865C788
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE864F84C20_2_000001AFE864F84C
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE863C0BC20_2_000001AFE863C0BC
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE864287C20_2_000001AFE864287C
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE864A94020_2_000001AFE864A940
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE86498F820_2_000001AFE86498F8
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE8649A7820_2_000001AFE8649A78
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE865426420_2_000001AFE8654264
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE8648A6020_2_000001AFE8648A60
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE865333020_2_000001AFE8653330
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE86493B420_2_000001AFE86493B4
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE8652BC020_2_000001AFE8652BC0
                      Source: C:\Windows\System32\dllhost.exeCode function: 20_2_000001AFE865237420_2_000001AFE8652374
                      Source: C:\Users\user\Desktop\download.exe Code function: String function: 0072CD90 appears 33 times
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5152 -s 592
                      Source: download.exe, 00000000.00000003.144627996795.00000000033CD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs download.exe
                      Source: download.exe, 00000000.00000003.144628409309.0000000003100000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs download.exe
                      Source: download.exe, 00000000.00000003.144626977903.0000000003474000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs download.exe
                      Source: download.exe, 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCFF Explorer.exe: vs download.exe
                      Source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenameKernelbase.dllj% vs download.exe
                      Source: download.exe, 00000000.00000003.144628554816.0000000003220000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs download.exe
                      Source: download.exe, 00000000.00000003.144629242088.00000000034FC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenameKernelbase.dllj% vs download.exe
                      Source: download.exe, 00000000.00000003.144628409309.0000000003191000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs download.exe
                      Source: download.exe, 00000000.00000003.144627566876.0000000003223000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs download.exe
                      Source: download.exe, 00000000.00000003.144628554816.0000000003270000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs download.exe
                      Source: download.exe, 00000000.00000003.144625964709.0000000003277000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs download.exe
                      Source: download.exe Binary or memory string: OriginalFilenameCFF Explorer.exe: vs download.exe
                      Source: download.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 3.3.fontdrvhost.exe.2df125ae350.1.raw.unpack, CallWrapper.cs Suspicious method names: .CallWrapper.GetPayload
                      Source: 3.3.fontdrvhost.exe.2df125ae350.0.raw.unpack, CallWrapper.cs Suspicious method names: .CallWrapper.GetPayload
                      Source: 3.3.fontdrvhost.exe.2df125ae350.2.raw.unpack, CallWrapper.cs Suspicious method names: .CallWrapper.GetPayload
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@44/103@7/9
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F75286C CreateToolhelp32Snapshot,Thread32First,CloseHandle,SuspendThread
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-674511B3-68C.pma
                      Source: C:\Windows\SysWOW64\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-bc9a67e-8157-8bb7cc-dd41a83a1a9d}
                      Source: C:\Windows\System32\fontdrvhost.exe File created: C:\Users\user\AppData\Local\Temp\chrDCBF.tmp
                      Source: C:\Windows\SysWOW64\svchost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\download.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                      Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                      Source: fontdrvhost.exe, 00000003.00000003.144851466965.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851098351.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128CA000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851578412.000002DF12648000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
                      Source: chrome.exe, 00000009.00000002.144856406977.000001CFF19B0000.00000002.00000001.00040000.00000013.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                      Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: fontdrvhost.exe, 00000003.00000003.144852844138.000002DF128B5000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852716064.000002DF1264B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852581253.000002DF1264B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144856447306.000001CFF19C5000.00000002.00000001.00040000.00000014.sdmp, chrome.exe, 00000009.00000003.144849160704.000048DC0089C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                      Source: fontdrvhost.exe, 00000003.00000003.144884809898.000002DF128E0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144884549731.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882359279.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144883374732.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, Web Data.14.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
                      Source: download.exe Virustotal: Detection: 51%
                      Source: unknown Process created: C:\Users\user\Desktop\download.exe "C:\Users\user\Desktop\download.exe"
                      Source: C:\Users\user\Desktop\download.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
                      Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5152 -s 592
                      Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrDCBF.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/f4698726/75fae57d"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2488,i,6324837096866850942,9732983909897042519,262144 --variations-seed-version --mojo-platform-channel-handle=2612 /prefetch:3
                      Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrE53C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/f4698726/6e5a1ad9"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15793817240475235178,5851487067123892181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
                      Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --do-not-de-elevate http://127.0.0.1:8000/f4698726/6e5a1ad9
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15667601441087912000,15476632491186070827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 /prefetch:3
                      Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files\Windows Media Player\wmlaunch.exe "C:\Program Files\Windows Media Player\wmlaunch.exe"
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                      Source: C:\Users\user\Desktop\download.exe Section loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\download.exe Section loaded: edgegdi.dll
                      Source: C:\Users\user\Desktop\download.exe Section loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: edgegdi.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: version.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: powrprof.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: umpdc.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mswsock.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: edgegdi.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: cryptbase.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: netapi32.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: netutils.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: mswsock.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: dnsapi.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: iphlpapi.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: rasadhlp.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: dpapi.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: uxtheme.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: wkscli.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: cscapi.dll
                      Source: C:\Windows\System32\fontdrvhost.exe Section loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe Section loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe Section loaded: edgegdi.dll
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe Section loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe Section loaded: sxs.dll
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: mpr.dll
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: mfplat.dll
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: edgegdi.dll
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: kernel.appcore.dll
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: rtworkq.dll
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: cryptbase.dll
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: mswsock.dll
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: uxtheme.dll
                      Source: C:\Windows\System32\dllhost.exe Section loaded: cryptbase.dll
                      Source: C:\Windows\System32\dllhost.exe Section loaded: iphlpapi.dll
                      Source: C:\Windows\System32\dllhost.exe Section loaded: mswsock.dll
                      Source: C:\Windows\System32\dllhost.exe Section loaded: dhcpcsvc.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: C:\Windows\System32\fontdrvhost.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\Outlook
                      Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: download.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: wkernel32.pdb source: download.exe, 00000000.00000003.144628409309.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144628554816.0000000003220000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633593917.0000000005390000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633401630.0000000005270000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: download.exe, 00000000.00000003.144626977903.00000000032F0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144625964709.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632031098.0000000005460000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144631548894.0000000005270000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826664532.000001E607100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826216697.000001E606F10000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: download.exe, 00000000.00000003.144627996795.00000000032A0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144627566876.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632566329.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632964215.0000000005410000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: download.exe, 00000000.00000003.144626977903.00000000032F0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144625964709.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632031098.0000000005460000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144631548894.0000000005270000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826664532.000001E607100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826216697.000001E606F10000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: download.exe, 00000000.00000003.144627996795.00000000032A0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144627566876.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632566329.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632964215.0000000005410000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: Xo02fa-tDef5e02-6.pDBH source: chrome.exe, 00000009.00000002.144860724877.000048DC0005C000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmlaunch.exe, 00000013.00000003.145062523605.0000018A52C90000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000013.00000003.145062685628.0000018A52CC0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: download.exe, 00000000.00000003.144628409309.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144628554816.0000000003220000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633593917.0000000005390000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633401630.0000000005270000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmlaunch.exe, 00000013.00000003.145062523605.0000018A52C90000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000013.00000003.145062685628.0000018A52CC0000.00000004.00000001.00020000.00000000.sdmp
                      Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: download.exe Static PE information: section name: .textbss
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073B86D push ebx; ret 0_3_0073B864
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073A840 push ebp; retf 0_3_0073A841
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073E83C pushad ; ret 0_3_0073E841
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073E80E push eax; iretd 0_3_0073E81D
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073A0F9 push FFFFFF82h; iretd 0_3_0073A0FB
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073D8A0 push 0000002Eh; iretd 0_3_0073D8A2
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073EE8C push es; iretd 0_3_0073EE8D
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_00739F6A push eax; ret 0_3_00739F75
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073EF6E push FFFFFFD2h; retf 0_3_0073EF91
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073B70B push ebx; ret 0_3_0073B864
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073B1DD push eax; ret 0_3_0073B1DF
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073EF92 push 00000038h; iretd 0_3_0073EF9D
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073E586 pushad ; retf 0_3_0073E599
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073B86D push ebx; ret 0_2_0073B864
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073A840 push ebp; retf 0_2_0073A841
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073E83C pushad ; ret 0_2_0073E841
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073E80E push eax; iretd 0_2_0073E81D
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073A0F9 push FFFFFF82h; iretd 0_2_0073A0FB
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073D8A0 push 0000002Eh; iretd 0_2_0073D8A2
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00738904 push ecx; ret 0_2_00738917
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073B1DD push eax; ret 0_2_0073B1DF
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073E586 pushad ; retf 0_2_0073E599
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00739F6A push eax; ret 0_2_00739F75
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073B70B push ebx; ret 0_2_0073B864
                      Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C718C0 push ebp; retf 2_3_02C718C1
                      Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C728ED push ebx; ret 2_3_02C728E4
                      Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C7588E push eax; iretd 2_3_02C7589D
                      Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C758BC pushad ; ret 2_3_02C758C1
                      Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C7225D push eax; ret 2_3_02C7225F
                      Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C75606 pushad ; retf 2_3_02C75619
                      Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C76012 push 00000038h; iretd 2_3_02C7601D
                      Source: C:\Users\user\Desktop\download.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\fontdrvhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\dllhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\download.exe API/Special instruction interceptor: Address: 7FFAF97ECE64
                      Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFAF97ECE64
                      Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 557B83A
                      Source: download.exe Binary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: download.exe Binary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Windows\System32\dllhost.exe Code function: GetAdaptersInfo,GetAdaptersInfo,20_2_000001AFE8632B70
                      Source: C:\Windows\SysWOW64\svchost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00731B09 FindFirstFileExW,0_2_00731B09
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F770B54 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,3_3_00007DF40F770B54
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7DD5EC GetSystemInfo,3_3_00007DF40F7DD5EC
                      Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
                      Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe
                      Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat
                      Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local
                      Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
                      Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
                      Source: dllhost.exe, 00000014.00000002.145867634977.000001AFE885A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                      Source: svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000002.00000002.144717598312.000000000305D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWastErrorCode
                      Source: fontdrvhost.exe, 00000003.00000002.145160777279.000002DF103F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws\System32\en-US\wshqos.dll.mui/
                      Source: svchost.exe, 00000002.00000002.144717471106.0000000003012000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145160777279.000002DF103F7000.00000004.00000020.00020000.00000000.sdmp, wmlaunch.exe, 00000013.00000002.145867637674.0000018A529CA000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000014.00000002.145867634977.000001AFE885A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000002.00000002.144717471106.0000000003012000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: fontdrvhost.exe, 00000003.00000002.145160777279.000002DF103F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWplA
                      Source: msedge.exe, 0000000B.00000002.144886784995.000002164EC62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: chrome.exe, 00000009.00000002.144853150715.000001CFE8687000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllee
                      Source: dllhost.exe, 00000014.00000002.145867634977.000001AFE885A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW*s:4
                      Source: C:\Users\user\Desktop\download.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_2_0072CB32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0072CB32
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_3_00739277 mov eax, dword ptr fs:[00000030h]0_3_00739277
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_2_00739277 mov eax, dword ptr fs:[00000030h]0_2_00739277
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_3_02C70283 mov eax, dword ptr fs:[00000030h]2_3_02C70283
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_2_0072BEFA GetProcessHeap,HeapAlloc,HeapFree,HeapFree,VirtualFree,HeapFree,0_2_0072BEFA
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_2_0072CCC5 SetUnhandledExceptionFilter,0_2_0072CCC5
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_2_00731508 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00731508
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_2_0072CFC3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0072CFC3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\System32\fontdrvhost.exeProcess created / APC Queued / Resumed: C:\Program Files\Google\Chrome\Application\chrome.exeJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 95.182.97.106 5980Jump to behavior
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 1AFE8630000 protect: page read and write
                      Source: C:\Windows\System32\fontdrvhost.exeSection loaded: NULL target: C:\Program Files\Google\Chrome\Application\chrome.exe protection: execute and read and writeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeThread APC queued: target process: C:\Program Files\Google\Chrome\Application\chrome.exeJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeMemory written: C:\Windows\System32\dllhost.exe base: 1AFE8630000
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF6D1B814E0
                      Source: C:\Users\user\Desktop\download.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"Jump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Program Files\Windows Media Player\wmlaunch.exe "C:\Program Files\Windows Media Player\wmlaunch.exe"Jump to behavior
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_2_0072CDD5 cpuid 0_2_0072CDD5
                      Source: C:\Windows\System32\fontdrvhost.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 3_3_00007DF40F775984 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,3_3_00007DF40F775984
                      Source: C:\Users\user\Desktop\download.exeCode function: 0_2_0072CA19 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0072CA19
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: 00000000.00000003.144624602568.00000000006D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.144718291811.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.144630604102.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.144630570589.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: !CP:Defichain-Electrum
                      Source: fontdrvhost.exe, 00000003.00000002.145161524348.000002DF105D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: com.liberty.jaxx
                      Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                      Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Exodus
                      Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Coinomi\Coinomi\wallets
                      Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: GCMKeyStore
                      Source: fontdrvhost.exe, 00000003.00000002.145160777279.000002DF1045E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
                      Source: C:\Windows\System32\fontdrvhost.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-QtJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\SecurityJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfakJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhiJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\IconsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\IconsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\IconsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dirJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\defJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d1231262330823bd07f6259b80025388c6b86e3Jump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code CacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dirJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\jsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Search LogosJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgiclJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session StorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dirJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\adc0237d-19f1-4a05-9d5e-34249f767b8bJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\IconsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local StorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\IconsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_storeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibagJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\discounts_dbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_dbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d1231262330823bd07f6259b80025388c6b86e3\fa042932-fc34-4e32-904f-a4bd482d112bJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service WorkerJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\CacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\IconsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d1231262330823bd07f6259b80025388c6b86e3\fa042932-fc34-4e32-904f-a4bd482d112b\index-dirJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\DatabaseJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared DictionaryJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cacheJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension SettingsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_dbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
                      Source: C:\Windows\System32\fontdrvhost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
                      Source: C:\Windows\System32\fontdrvhost.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\CZQKSDDMWR
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\DUUDTUBZFW
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\EEGWXUHVUG
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\EFOYFBOLXA
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\HQJBRDYKDE
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\LFOPODGVOH
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\NVWZAPQSQL
                      Source: C:\Windows\System32\fontdrvhost.exe | Directory queried: C:\Users\user\Documents\PALRGUCVEH

                      Remote Access Functionality

                      Source: Yara match | File source: 00000000.00000003.144624602568.00000000006D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.144718291811.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000000.00000003.144630604102.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000003.144630570589.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Windows\System32\fontdrvhost.exe | Code function: 3_3_00007DF40F7A9E68 listen,malloc,3_3_00007DF40F7A9E68
                      Source: C:\Windows\System32\fontdrvhost.exe | Code function: 3_3_00007DF40F775984 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,3_3_00007DF40F775984
                      Source: C:\Windows\System32\fontdrvhost.exe | Code function: 3_3_00007DF40F7A97F8 socket,bind,3_3_00007DF40F7A97F8
                      Source: C:\Windows\System32\fontdrvhost.exe | Code function: 3_3_00007DF40F7A83A0 socket,bind,3_3_00007DF40F7A83A0
                      Source: C:\Program Files\Windows Media Player\wmlaunch.exe | Code function: 19_2_0000018A5292D004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,19_2_0000018A5292D004
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Create Account | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Network Service Discovery | Remote Desktop Protocol | 21 Data from Local System | 22 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 612 Process Injection | 3 Obfuscated Files or Information | 1 Credentials in Registry | 12 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 136 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | 231 Security Software Discovery | SSH | Keylogging | 2 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 612 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      [Behavior graph: ID 1562775, Sample: download.exe, Startdate: 26/11/2024, Architecture: WINDOWS, Score: 100]
                      Process chain shown in the graph: download.exe started svchost.exe (connects to 95.182.97.106), which started fontdrvhost.exe, which started wmlaunch.exe (which started dllhost.exe), chrome.exe and msedge.exe.

                      Source | Detection | Scanner | Label | Link
                      download.exe | 100% | Avira | HEUR/AGEN.1351777 |
                      download.exe | 100% | Joe Sandbox ML | |
                      download.exe | 51% | Virustotal | | Browse

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Local\Temp\chrE53C.tmp\SmartScreen\local\cache | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Temp\chrE53C.tmp\SmartScreen\local\download_cache | 0% | ReversingLabs | |

                      No Antivirus matches

                      Source | Detection | Scanner | Label | Link
                      ntp1.hetzner.de | 0% | Virustotal | | Browse
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      time.cloudflare.com | 162.159.200.1 | true | false | | high
                      ntp.nict.jp | 133.243.238.243 | true | false | | high
                      gbg1.ntp.netnod.se | 194.58.203.20 | true | false | | unknown
                      ntp.time.nl | 94.198.159.10 | true | false | | high
                      ntp.time.in.ua | 62.149.0.30 | true | false | | high
                      ntp1.hetzner.de | 213.239.239.164 | true | false | | unknown
                      gbg1.ntp.se | unknown | unknown | false | | unknown
                      time.windows.com | unknown | unknown | false | | high
                      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://anglebug.com/42263031chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://issuetracker.google.com/161903006msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://www.ae.com/us/en/cartchrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.llbean.com/webapp/wcs/stores/servlet/LLBShoppingCartDisplaychrome.exe, 00000009.00000002.144863406370.000048DC00574000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://95.182.97.106:5980/363881569c00eea8aaf3/pmgoamua.jpbdqkernelbasentdllkernel32GetProcessMitigsvchost.exe, 00000002.00000002.144717744264.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://www.ecosia.org/newtab/fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://anglebug.com/42266666chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://cart.ebay.com/chrome.exe, 00000009.00000002.144865556351.000048DC00958000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://anglebug.com/42263158chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.gamestop.com/cart/chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.boostmobile.com/cart.htmlchrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.samsclub.com/cartchrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://anglebug.com/4722msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://m.google.com/devicemanagement/data/apichrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.overstock.com/cartchrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://permanently-removed.invalid/embedded/setup/chrome/usermenumsedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://www.bloomingdales.com/my-bagchrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://gemini.google.com/app?q=chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144866680698.000048DC00B68000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://anglebug.com/345244067chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://anglebug.com/42263049chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://anglebug.com/40644663chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://secure.newegg.com/shop/cartchrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://secure.eicar.org/eicar.com.txtfontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF1262E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853053950.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 
00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://anglebug.com/42262249chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://anglebug.com/42264669chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://anglebug.com/42265516chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://gemini.google.com/app?q=searchTermschrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.jcrew.com/checkout/cartchrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://uk.search.yahoo.com/searchchrome.exe, 00000009.00000002.144867849168.000048DC00D70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://anglebug.com/3502msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://anglebug.com/3623msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://anglebug.com/3625msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://anglebug.com/3624msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://anglebug.com/42265636chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://anglebug.com/42265637chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://www.officedepot.com/cart/shoppingCart.dochrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://issuetracker.google.com/347601787chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://anglebug.com/42266842chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000009.00000002.144868367655.000048DC00E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861028506.000048DC000F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144851073877.000048DC010B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://anglebug.com/4836msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://issuetracker.google.com/issues/166475273msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://www.weightwatchers.com/us/shop/checkout/cartchrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://anglebug.com/42266842chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861949780.000048DC00294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://anglebug.com/42264422chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
162.159.200.1 | time.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
94.198.159.10 | ntp.time.nl | Netherlands | 1140 | SIDNNL | false
213.239.239.164 | ntp1.hetzner.de | Germany | 24940 | HETZNER-ASDE | false
194.58.203.20 | gbg1.ntp.netnod.se | Sweden | 57021 | NTP-SEAnycastedNTPservicesfromNetnodIXPsSE | false
62.149.0.30 | ntp.time.in.ua | Ukraine | 15497 | COLOCALLInternetDataCenterColoCALLUA | false
133.243.238.243 | ntp.nict.jp | Japan | 9355 | NICTNationalInstituteofInformationandCommunicationsTe | false
95.182.97.106 | unknown | Russian Federation | 34518 | FATUM-ASRussiaKazan420061Kosmonavtovstr29aRU | true
239.255.255.250 | unknown | Reserved | unknown | unknown | false
                                                                                                                          IP
                                                                                                                          127.0.0.1
                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                          Analysis ID:1562775
                                                                                                                          Start date and time:2024-11-26 01:06:51 +01:00
                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                          Overall analysis duration:0h 10m 6s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                                          Number of analysed new started processes analysed:21
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:0
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Sample name:download.exe
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@44/103@7/9
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 83.3%
                                                                                                                          HCA Information:
                                                                                                                          • Successful, ratio: 60%
                                                                                                                          • Number of executed functions: 182
                                                                                                                          • Number of non-executed functions: 21
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, CompPkgSrv.exe, svchost.exe
                                                                                                                          • Excluded IPs from analysis (whitelisted): 40.119.6.228, 178.156.145.5, 135.148.100.14, 89.116.246.10, 64.142.54.12, 142.250.189.3, 142.250.72.138, 142.250.189.10, 142.251.40.42, 172.217.12.138, 142.250.176.10, 172.217.14.74, 142.250.217.138, 142.250.188.234, 142.250.68.74, 142.250.72.170, 172.217.14.106, 142.250.68.110, 142.251.2.84, 13.91.222.61, 13.107.42.16, 20.99.186.246, 204.79.197.237, 13.107.21.237
                                                                                                                          • Excluded domains from analysis (whitelisted): www.bing.com, pool.ntp.org, www-bing-com.dual-a-0034.a-msedge.net, accounts.google.com, prod-atm-wds-nav.trafficmanager.net, config.edge.skype.com.trafficmanager.net, twc.trafficmanager.net, clientservices.googleapis.com, iris-de-prod-azsc-v2-wus2.westus2.cloudapp.azure.com, nav.smartscreen.microsoft.com, arc.msn.com, www-www.bing.com.trafficmanager.net, safebrowsingohttpgateway.googleapis.com, clients2.google.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, arc.trafficmanager.net, dual-a-0034.a-msedge.net, clients.l.google.com, l-0007.l-msedge.net, prod-agic-wu-4.westus.cloudapp.azure.com, config.edge.skype.com
                                                                                                                          • Execution Graph export aborted for target svchost.exe, PID 8160 because there are no executed function
                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
19:09:43 | API Interceptor | 1x Sleep call for process: wmlaunch.exe modified
                                                                                                                                                        • 1.1.1.1
                                                                                                                                                        FW Expiration Pending Support Care HIPAA Acknowledgement Form 2024.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.18.65.57
                                                                                                                                                        https://app.useblocks.io/getemail/48034?secret_hash=d1541dc5be135b2d0f39c0711cecbe46&raw=trueGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                                                        • 104.26.13.205
                                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                        • 162.159.61.3
                                                                                                                                                        http://schneider.com.staffrecords-2024xsowi-dxeobyoji.aluminiosbarros.pt/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.18.95.41
                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.187.240
                                                                                                                                                        https://docs.google.com/drawings/d/1rnJTD83ySW2kuilnF4J1ffAp0B5BM7BM0Nvi8F8BbSI/preview?pli=1HeatherMitchell-andrew.tokar@overlakehospital.orgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 172.67.193.18
                                                                                                                                                        IeccNv7PP6.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                        • 172.67.179.207
                                                                                                                                                        HETZNER-ASDEhttps://app.useblocks.io/getemail/48034?secret_hash=d1541dc5be135b2d0f39c0711cecbe46&raw=trueGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                                                        • 95.216.29.124
                                                                                                                                                        Pe4905VGl1.batGet hashmaliciousAsyncRATBrowse
                                                                                                                                                        • 168.119.208.219
                                                                                                                                                        http://www.kalenderpedia.deGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 5.161.110.190
                                                                                                                                                        file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                        • 49.13.32.95
                                                                                                                                                        file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                        • 49.13.32.95
                                                                                                                                                        http://google.comGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 94.130.197.138
                                                                                                                                                        rbCoIEGfDf.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                        • 91.107.151.211
                                                                                                                                                        LWv5DuboZh.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                        • 91.107.151.211
                                                                                                                                                        file.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                        • 88.198.8.150
                                                                                                                                                        powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                        • 144.79.19.125
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                        C:\Users\user\AppData\Local\Temp\chrE53C.tmp\SmartScreen\local\cacherPO3799039985.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                          C:\Users\user\AppData\Local\Temp\chrE53C.tmp\SmartScreen\local\download_cacherPO3799039985.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14946
                                                                                                                                                            Entropy (8bit):5.626818648421253
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:U9iIuERzA83h09RZxeI9OS8y9XIKf+qNuB:/IuERzA83h09RZx2S8y9XIKfHN2
                                                                                                                                                            MD5:657F7EF68172E9F989DEFE74E3B1A8E1
                                                                                                                                                            SHA1:63036D49EF47B73A2D12B4FE900C0D636F0C8658
                                                                                                                                                            SHA-256:FF999B324DAD726C57E2DD5D5058CF3E439D3933B61EDE895646C57E0733C385
                                                                                                                                                            SHA-512:0B37A580A76B9B6A6958FBBEA183D7FBAFB58FA948501A6BB1C307B0B1605A4D89CC01D151D5FE899BCBACF1DA09B44A208F0D6B12BF888FB2602074152A71D2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14946
                                                                                                                                                            Entropy (8bit):5.626799382120305
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:U9iIuERzA83h09RZxeI9O88y9XIKf+qNuB:/IuERzA83h09RZx288y9XIKfHN2
                                                                                                                                                            MD5:53F8CE14E0446FC1E4D017E77680553C
                                                                                                                                                            SHA1:D349320DE7CE60DDDB87D6138933F9B1A808E202
                                                                                                                                                            SHA-256:608CC671A10FE26AAA4AEBAB7B0AD102333CE80EE0B2161909330433387338C5
                                                                                                                                                            SHA-512:783121532712B9E9B426086A877C6545E86E0D44C970C0572F77867FD40DB299FF365FD8C241F2BBC2E894A6DBC035DBBDA4C9B1C6649CB6E8AF95F39C806311
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14946
                                                                                                                                                            Entropy (8bit):5.626818648421253
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:U9iIuERzA83h09RZxeI9OS8y9XIKf+qNuB:/IuERzA83h09RZx2S8y9XIKfHN2
                                                                                                                                                            MD5:657F7EF68172E9F989DEFE74E3B1A8E1
                                                                                                                                                            SHA1:63036D49EF47B73A2D12B4FE900C0D636F0C8658
                                                                                                                                                            SHA-256:FF999B324DAD726C57E2DD5D5058CF3E439D3933B61EDE895646C57E0733C385
                                                                                                                                                            SHA-512:0B37A580A76B9B6A6958FBBEA183D7FBAFB58FA948501A6BB1C307B0B1605A4D89CC01D151D5FE899BCBACF1DA09B44A208F0D6B12BF888FB2602074152A71D2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                            Entropy (8bit):0.24658344224372414
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:2mCE0p3YSNbasO1AUPjIQdkTeEu1RGg1DR9BRGKv0no3RGg1DRsRG:2mCEkISNbaLzdkyEuKg1mKv0noQg1j
                                                                                                                                                            MD5:4943A1E1BEB3F43D0D024A7553F35506
                                                                                                                                                            SHA1:FD0587E226017303E4962CE8E96D3485E749351B
                                                                                                                                                            SHA-256:8EB1DBFBA492AEEA158A1E55C1BD42BDC8C36072CC48DC5585F7D533667330CA
                                                                                                                                                            SHA-512:BDE4ADA995D0DAE85F7F59CB9A2CC6ED939CC2FC077EF42DBE669C116AF15796066D4E0077B12EB03756B7B8401248AF991273900A6486495C544208005E684A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):152
                                                                                                                                                            Entropy (8bit):4.846101405296782
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:Fg/fltlK7D2yQ9Bu2jVuDgmWUJ62+I3fdlYl8:qf1KryvpMgmTb3f08
                                                                                                                                                            MD5:4F92EE10C14AB76DB7578B74BFD51FBD
                                                                                                                                                            SHA1:A7F3CD6CA3249B0127EBDD3F02894EFCDC71BD8E
                                                                                                                                                            SHA-256:91BAD29873C51B45151A7BDAE3B1233EA55F063C3592F966FBF5492426B6303B
                                                                                                                                                            SHA-512:8DB464088823EAA5A73108453ECFD61F87251EA617D0C62B664EE0AD6288AA86126FEBB50B4AD3F0E126C844EDE01177705384B4B05DE54AB030879CC9342005
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2491
                                                                                                                                                            Entropy (8bit):5.024815106477102
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YPj1Zu4Vr8KVNkGkXX6VVks0LtpsA1Lmh9crbJ/anUJaYPI7xaMGH1oB+Cm9mca:KvuoGX6VVOZpsAJ4OrMn3YPo0MG6+Z9O
                                                                                                                                                            MD5:73BACCE0CEDA4142C1645D3CB33DA6AD
                                                                                                                                                            SHA1:804C432E7028F0D676C1DE3EDB5BE2C68F9E706D
                                                                                                                                                            SHA-256:6974DE6DC6FDD8F97C57194B32842D6A79D807B9AA01B44FE883553D07DBDCB1
                                                                                                                                                            SHA-512:90BB7134F453E4D54D7FE743DF6442E743B4EB3ABB40B2394A718BD2F2C7616F6D72F247A0008AA7B5A31D193E1747D6B8AA62D6EB7BBB74517CEC7AEF8A6760
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13377053363336416"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):23913
                                                                                                                                                            Entropy (8bit):5.593843350413024
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:dQ7fCtcFSKhOObJ+UoAYDCx9TuqZz0VfUCh7xbog/OVSLlP9fCtrU/VjWKhQpy4h:CLW0S8F1+UoAYDCx9Tuqh0VfUC9xbogQ
                                                                                                                                                            MD5:B9DEDFBF63B356456756E1B5302A246E
                                                                                                                                                            SHA1:9589E382E652B26D24C05F8548B88CBD0F0FB374
                                                                                                                                                            SHA-256:9F26B1649BC73FC8D6E8D0835FED18114F91F84A5E577AF2DA1A714918EA26FE
                                                                                                                                                            SHA-512:F97333CFAF7CDA7AC58376DE9A916B6BA7C98D9FC0EBBAA1F92C1F2DC5DEAFFC64B013ECC49703E7E6ABDE71AFB9D01348882C5107BD112DE1BC042D00C72BAE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13377053363488497","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","https://*onenote.gov.online.office365.us/*","https://*powerpoint.gov.online.office365.us/*","https://*word-edit.gov.online.office365.us/*","https://
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):7894
                                                                                                                                                            Entropy (8bit):4.9587848404655
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:s7OTNk9jPcAWMdkAaouYI3+YEuihcgrnhmI:s7OTNk9jPcAWMdTaoVISeJI
                                                                                                                                                            MD5:084B79DE106977DB4CB177D045238FBD
                                                                                                                                                            SHA1:A7BC1499035D2B0E1E89CB26CBDA1EAC9ED5751E
                                                                                                                                                            SHA-256:8AA931B4FE685B24F2F7CA8E17A1A916366E822301B09291DA8A282455F728D6
                                                                                                                                                            SHA-512:97011CE3782BBD046415E3E0882D2A8C223CE400A1F64525E96035628599D16A7AB6FD2BE74219EF5E7B794B74D9FDDB177D0763E4C157D0B3397D95DC8D8F2F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_info":[],"account_tracker_service_last_update":"13377053363596925","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles":{"browser_name":6,"is_AutoFillFormData_imported":true,"is_Cookies_imported":true,"is_Extensions_imported":true,"is_Favorite_imported":true,"is_History_imported":true,"is_Payments_imported":true,"is_SavedPasswords_imported":true,"is_Settings_imported":true,"source_path":"C:\\Users\\user\\AppData\\Local\\Packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default"}},"imported_default_search_engine":"https://www.bing.com/search?q={searchTerms}&FORM={referrer:source}"},"autocomplete":{"retention_policy_last_version":94},"autofill":{"orphan_rows_removed":true},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_norm
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):71757
                                                                                                                                                            Entropy (8bit):6.771708343960135
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:vAlMWz7vLDtDSVlXXwpFlorgLUxF+D4n6owPFCawP/:vvuWAUxFaoGw/
                                                                                                                                                            MD5:E5E3377341056643B0494B6842C0B544
                                                                                                                                                            SHA1:D53FD8E256EC9D5CEF8EF5387872E544A2DF9108
                                                                                                                                                            SHA-256:E23040951E464B53B84B11C3466BBD4707A009018819F9AD2A79D1B0B309BC25
                                                                                                                                                            SHA-512:83F09E48D009A5CF83FA9AA8F28187F7F4202C84E2D0D6E5806C468F4A24B2478B73077381D2A21C89AA64884DF3C56E8DC94EB4AD2D6A8085AC2FEB1E26C2EF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):9000
                                                                                                                                                            Entropy (8bit):4.994257462742733
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
                                                                                                                                                            MD5:3CB1586353968B52F028A678ED76E36E
                                                                                                                                                            SHA1:CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
                                                                                                                                                            SHA-256:14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
                                                                                                                                                            SHA-512:DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):793
                                                                                                                                                            Entropy (8bit):4.7629472803539885
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:Y2esatahVsas2qJ3atJ3aoaf3QYhD07nby:Y2eVMhVVs2qJqfqZ4Yh7
                                                                                                                                                            MD5:7288A316F19C37FAB44CF5D709D6B5B5
                                                                                                                                                            SHA1:A6989C3CB1DF792AE69AECC05D58BAAC0EFF58FA
                                                                                                                                                            SHA-256:5AC716ACFF60DF8DF0C89634F3850949E79B7518824A524D7E7B61CF49F4D6B7
                                                                                                                                                            SHA-512:50F33556E8BBF981807D67F5E4092F99A5D558B8C62D4F62687193ACC65813A895506D9DCAE3DE015C5A6877DB8694A76752DF03EAD9610C5ABB0AF7151DABA4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://edge.microsoft.com","supports_spdy":true},{"isolation":[],"server":"https://substrate.office.com","supports_spdy":true},{"isolation":[],"server":"https://prod.rewardsplatform.microsoft.com","supports_spdy":true},{"isolation":[],"server":"https://dns.quad9.net","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true},{"isolation":[],"server":"https://edge.activity.windows.com","supports_spdy":true},{"isolation":[],"server":"https://arc.msn.com","supports_spdy":true},{"isolation":[],"server":"https://www.bing.com","supports_spdy":true}],"supports_quic":{"address":"192.168.11.20","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):23881
                                                                                                                                                            Entropy (8bit):5.594428796750239
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:dQ7fCtcFRKhOObJ+UoAYDCx9TuqZz0VfUCh7xbog/OVSLlP9fCtrUsVjsKhQp14J:CLW0R8F1+UoAYDCx9Tuqh0VfUC9xbogW
                                                                                                                                                            MD5:9319513A6B14A0503057C74B7A9E26FB
                                                                                                                                                            SHA1:EAABBEDDF7EB0FACF9326716553B19B8D8E16EF0
                                                                                                                                                            SHA-256:D5A5ED5B02199A619552002D603EE6CB6FFF78A8CC6B200001C56A45EB01573D
                                                                                                                                                            SHA-512:C0338A7324019ACAA05398D975DA456C1B8E52F3FB8E1114E0ACC4A0942AD260465D1E7F281C54F83F82BD5C43D28DB14B4B4373756BCD8B04D886B0F9788CB7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13377053363488497","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","https://*onenote.gov.online.office365.us/*","https://*powerpoint.gov.online.office365.us/*","https://*word-edit.gov.online.office365.us/*","https://
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, file counter 11, database pages 7, 1st free page 5, free pages 2, cookie 0x9, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):28672
                                                                                                                                                            Entropy (8bit):0.8233650039721325
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:TKXOpyO5JMxnvmoy4GVUufe6Rp+sYbgaq+s1ebPo+sX+s:sn5HGsjsYMcs1ePsOs
                                                                                                                                                            MD5:334FD93B5E18A54FF751192287A6FAAB
                                                                                                                                                            SHA1:B9942325579610AD272E380AA09D88394DC14269
                                                                                                                                                            SHA-256:A8CED2B2E735778E9D847883CBDC9267792B716A6B4222760C60E618F9253C66
                                                                                                                                                            SHA-512:06531EF0EE006F9BB5EF56065DBB567C2B294C20ECBD0884419AE8B6D56A1C384E4A06BA1625D64DD9B248FB9DBB6DF5BCF37C8C506E26A44DB9980ABCAD8617
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):71757
                                                                                                                                                            Entropy (8bit):6.771708343960135
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:vAlMWz7vLDtDSVlXXwpFlorgLUxF+D4n6owPFCawP/:vvuWAUxFaoGw/
                                                                                                                                                            MD5:E5E3377341056643B0494B6842C0B544
                                                                                                                                                            SHA1:D53FD8E256EC9D5CEF8EF5387872E544A2DF9108
                                                                                                                                                            SHA-256:E23040951E464B53B84B11C3466BBD4707A009018819F9AD2A79D1B0B309BC25
                                                                                                                                                            SHA-512:83F09E48D009A5CF83FA9AA8F28187F7F4202C84E2D0D6E5806C468F4A24B2478B73077381D2A21C89AA64884DF3C56E8DC94EB4AD2D6A8085AC2FEB1E26C2EF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):627
                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                            MD5:9D7435EA49A80FDD66E4915F513017F9
                                                                                                                                                            SHA1:469F6C6E4B19B85CC1BE497812B2F20864F4FF2C
                                                                                                                                                            SHA-256:409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
                                                                                                                                                            SHA-512:0561CD632D4219AEF4686DE40EC092921384CA89755D354801E0EAEC8645A8630A180807AF518AC8FCF01F71EB3D10FAA9CE1E62C7A7226A274975BDCB7EEB4C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):324
                                                                                                                                                            Entropy (8bit):5.243027839598732
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXDSSN+q2PCN23oH+Tcwt8NIFUt8YApXDSSZZmw+YApXDSSNVkwOCN23oH+TcN:gFOSN+v1YebpFUt87FOSZ/+7FOSNV5eO
                                                                                                                                                            MD5:0F5CF67E3F2153F3A07715A47F7DC744
                                                                                                                                                            SHA1:ACE68A70A568240299B34328C58DCAC1541234D3
                                                                                                                                                            SHA-256:6442DE36777D3366245A69FD73E518CEAA5BBFCDBEFC9940A0065F6F2B98A990
                                                                                                                                                            SHA-512:B22B4A3F2E4B01F7D59DD5A611A07573378A758A95C6AC4A563133FA1FB5CBE58379E9741B1E18E676D2A858543A94A50C0CAE8C83857E2623A6F819E42E042B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.763 167c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/25-19:09:23.763 167c Recovering log #3.2024/11/25-19:09:23.763 167c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, file counter 5, database pages 35, cookie 0x1e, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):163840
                                                                                                                                                            Entropy (8bit):0.4743475995507395
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:+uwpxGU+bDoYysX0uhnyZtha58VjN9DLjGQLBE3uv:+uuV+bDo3irhnyBi8Vj3XBBE3uv
                                                                                                                                                            MD5:6E47E3A1C92DC7FB41349247C19EEE4F
                                                                                                                                                            SHA1:D1410BE99428A5D84B694A5C08BDA52FB8BDCF73
                                                                                                                                                            SHA-256:74768A9E4C8968E085AE704987923A1093326B7AFC340EAA9D70634BD547FB7B
                                                                                                                                                            SHA-512:215385C24834409F550CDB53E869F3A8B24ED73F7B6C02DCAAD4285E925FC58479761D674F55165AB712D7F1FEE9FBE6AC9E37FDBC0D2FBDC537084F1FEAED02
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):430
                                                                                                                                                            Entropy (8bit):4.988031117736637
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:Wd3BDiNBDmYZtGGGvZso6N7fxAsk75EOtTil/d:cDincGGKo6N7pAskV1tT6F
                                                                                                                                                            MD5:1EFF1E69C6E6A8311820C30F11DFE296
                                                                                                                                                            SHA1:92DE42D6CB492FD0A3D5CC48966CDC8F701A9851
                                                                                                                                                            SHA-256:5732D00105FAC4A752B3E4EBDD5915332C955FD578CA77B2EFC3F6A37573A540
                                                                                                                                                            SHA-512:EEF3E74176EABDEBB365F61F413ED1BECDE2C1B7B41E47D5239FEA8BA609DF283F20AB62B156F12BE1A7B20833A6483BBD4998055059DC1148397DCD86F98863
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......"-....127.0.0.1..6e5a1ad9..8000..f4698726..http*A......127.0.0.1......6e5a1ad9......8000......f4698726......http..2..................0.........1.........2.........4........5........6.........7.........8.........9.........a........d........e........f........h........p........t...:/...............................................BO...K...... ........*'http://127.0.0.1:8000/f4698726/6e5a1ad92.:................J..............
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):333
                                                                                                                                                            Entropy (8bit):5.203105470084761
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXPRN4q2PCN23oH+Tcwt8a2jMGIFUt8YApXSZmw+YApXekwOCN23oH+Tcwt8as:gFPRN4v1Yeb8EFUt87FS/+7Fe5eYeb8N
                                                                                                                                                            MD5:A3D11D6F7E77F66AF52A71AE2691F819
                                                                                                                                                            SHA1:328400069C138A855EF4DABDF93A113CA1E8B9BA
                                                                                                                                                            SHA-256:984600B076CE16219967911BC0DED0E2DEECED59726941E3C0A1AEE28C7EFDAE
                                                                                                                                                            SHA-512:52176E8087428668238D6D0B8A93CB1F9C32A9A4D2F256105BAAE4440F074FEEA20206A1F320FF2BB0EB01BD1A038A0BA5C3508D11DA5B778B241728DA7B15ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.503 634 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/25-19:09:23.504 634 Recovering log #3.2024/11/25-19:09:23.504 634 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):793
                                                                                                                                                            Entropy (8bit):4.7629472803539885
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:Y2esatahVsas2qJ3atJ3aoaf3QYhD07nby:Y2eVMhVVs2qJqfqZ4Yh7
                                                                                                                                                            MD5:7288A316F19C37FAB44CF5D709D6B5B5
                                                                                                                                                            SHA1:A6989C3CB1DF792AE69AECC05D58BAAC0EFF58FA
                                                                                                                                                            SHA-256:5AC716ACFF60DF8DF0C89634F3850949E79B7518824A524D7E7B61CF49F4D6B7
                                                                                                                                                            SHA-512:50F33556E8BBF981807D67F5E4092F99A5D558B8C62D4F62687193ACC65813A895506D9DCAE3DE015C5A6877DB8694A76752DF03EAD9610C5ABB0AF7151DABA4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://edge.microsoft.com","supports_spdy":true},{"isolation":[],"server":"https://substrate.office.com","supports_spdy":true},{"isolation":[],"server":"https://prod.rewardsplatform.microsoft.com","supports_spdy":true},{"isolation":[],"server":"https://dns.quad9.net","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true},{"isolation":[],"server":"https://edge.activity.windows.com","supports_spdy":true},{"isolation":[],"server":"https://arc.msn.com","supports_spdy":true},{"isolation":[],"server":"https://www.bing.com","supports_spdy":true}],"supports_quic":{"address":"192.168.11.20","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):9000
                                                                                                                                                            Entropy (8bit):4.994257462742733
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
                                                                                                                                                            MD5:3CB1586353968B52F028A678ED76E36E
                                                                                                                                                            SHA1:CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
                                                                                                                                                            SHA-256:14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
                                                                                                                                                            SHA-512:DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2491
                                                                                                                                                            Entropy (8bit):5.024815106477102
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YPj1Zu4Vr8KVNkGkXX6VVks0LtpsA1Lmh9crbJ/anUJaYPI7xaMGH1oB+Cm9mca:KvuoGX6VVOZpsAJ4OrMn3YPo0MG6+Z9O
                                                                                                                                                            MD5:73BACCE0CEDA4142C1645D3CB33DA6AD
                                                                                                                                                            SHA1:804C432E7028F0D676C1DE3EDB5BE2C68F9E706D
                                                                                                                                                            SHA-256:6974DE6DC6FDD8F97C57194B32842D6A79D807B9AA01B44FE883553D07DBDCB1
                                                                                                                                                            SHA-512:90BB7134F453E4D54D7FE743DF6442E743B4EB3ABB40B2394A718BD2F2C7616F6D72F247A0008AA7B5A31D193E1747D6B8AA62D6EB7BBB74517CEC7AEF8A6760
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13377053363336416"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):213
                                                                                                                                                            Entropy (8bit):2.7541301583060975
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljl:S85aEFljljljljljljljljl
                                                                                                                                                            MD5:046CC08D163FC4578CD1B77A5D0965AC
                                                                                                                                                            SHA1:92F503E605C30974BAF385F1619F1269B81DEC57
                                                                                                                                                            SHA-256:693A60684AA9FF4F01CB6027E9C938F4701C0C898AFC224A0776CB1E18E87166
                                                                                                                                                            SHA-512:E8B1DF36A237BCBBAD897146CA247EDF75466B2A4030FEC620C46932B5C31137F2931CD2758534E4308AED3FB9CC40EDF2D7646A38530BCC5E6D7069C19A3B1F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):321
                                                                                                                                                            Entropy (8bit):5.192410172632656
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXkjq2PCN23oH+TcwtrQMxIFUt8YApX5a9Zmw+YApX5aPkwOCN23oH+TcwtrQq:gFkjv1YebCFUt87F5q/+7F5W5eYebtJ
                                                                                                                                                            MD5:9147D03CEE733807CF1C1D63325E899E
                                                                                                                                                            SHA1:6B46B5168D1686FEB50923E4F30C76EA38022C47
                                                                                                                                                            SHA-256:99B0B4D9CA6B7DE08C59DCC1F7AEE176BFB786E569422984B50D5281BEAA76D9
                                                                                                                                                            SHA-512:58040B31E26D5D3732DB3F1DF91E925AC2C771CD5824163DBE6A9FB939F7155D91407D399C84CAC47C7FC0BB7F4368B27981F38E59A74D51E69A224013D9E416
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.594 634 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/25-19:09:23.595 634 Recovering log #3.2024/11/25-19:09:23.595 634 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1265
                                                                                                                                                            Entropy (8bit):3.2867261353230637
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:3WlyLPxQ3ZL/dJhSM/Amqg/3WK4cCacKY08l6rF439Wo8QYtt7Hl7z:3i6xUP8MImqgISc76rF49Ct7Hl7z
                                                                                                                                                            MD5:31CB9417288F88977097A2E26008E36E
                                                                                                                                                            SHA1:A11CB737EE8748503AA627BDECF52E26AD90F9D7
                                                                                                                                                            SHA-256:4224C986F8386906D5165AE2E6BD2DFF48D7133B6C8FEBB248AA751B106DB2B3
                                                                                                                                                            SHA-512:26251CEEB7B96A3BDA624EB4CCE85C03C7EF878AC173015B13F63FB4BDC02E549F663756E5512693E276DFE6C748EE6428BFAC3470A104AC3E61F26FFB83479E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SNSS................................"........9.#4.......$...df5ccfaa-d6b2-4328-bc03-8d9dc060d27a........................................................!.............................................1..,.......$...ebd799fc_41f6_4b05_945b_3278405b9791........................._...........5..0.......&...{C26278E9-C77B-4751-A0E6-C0D26D021878}........................-..(...........'...http://127.0.0.1:8000/f4698726/6e5a1ad9.....t...p.......h...........................................x.......................................................O.[..'..P.[..'..........(............... .......x...............................V...'...h.t.t.p.:././.1.2.7...0...0...1.:.8.0.0.0./.f.4.6.9.8.7.2.6./.6.e.5.a.1.a.d.9...................................8.......0.......8....................................................................... .......................................................P...$...9.5.0.0.1.c.d.5.-.0.6.a.e.-.4.7.e.3.-.8.b.5.1.-.8.7.e.e.b.6.4.f.d.9.5.8.................P...$...3.8.1.6.4.1.b.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4819
                                                                                                                                                            Entropy (8bit):3.846051106079872
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:3c+hF0wD8WQpV8UIoQUbXf6sKy7s+WBs4aVS:31gwDI8xoBbXfUlaVS
                                                                                                                                                            MD5:D82029693661F2BB460B809A41467E6E
                                                                                                                                                            SHA1:C55EAA50862712AAC25B2EFA3FF8C0856C538F4A
                                                                                                                                                            SHA-256:58B64090D4644894104EF8FDF1AD968A3067DFCBA21D15B20EA0460906CA319B
                                                                                                                                                            SHA-512:FC619F965CCE3D3B6BFB7AE96C72BF8A753D9E7B0D0028B08FB173F8D35F3EB193257FF9B457B066D75810DE5E501A2E5D913E4E840AF99AA394E368A2B682B8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:SNSS.................d^.`/.q..l...............https://www.bing.com/search?q=regedikt&form=WNSGPH&qs=SW&cvid=1c4c2e2811e44c03a63aad6fcf391716&pq=regedikt&cc=GB&setlang=en-US&wsso=Moderate....r.e.g.e.d.i.k.t. .-. .S.e.a.r.c.h...........................................................x...............................................h........*..2....*..2...........................x....................................... .......h.t.t.p.s.:././.w.w.w...b.i.n.g...c.o.m./.s.e.a.r.c.h.?.q.=.r.e.g.e.d.i.k.t.&.f.o.r.m.=.W.N.S.G.P.H.&.q.s.=.S.W.&.c.v.i.d.=.1.c.4.c.2.e.2.8.1.1.e.4.4.c.0.3.a.6.3.a.a.d.6.f.c.f.3.9.1.7.1.6.&.p.q.=.r.e.g.e.d.i.k.t.&.c.c.=.G.B.&.s.e.t.l.a.n.g.=.e.n.-.U.S.&.w.s.s.o.=.M.o.d.e.r.a.t.e.................................................0.......H.......X.......x...............................................................8.......P.......h.......................................................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):349
                                                                                                                                                            Entropy (8bit):5.165058073055709
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXuq2PCN23oH+Tcwt7Uh2ghZIFUt8YApX3Zmw+YApXERFzkwOCN23oH+Tcwt7w:gFuv1YebIhHh2FUt87F3/+7F4Fz5eYeQ
                                                                                                                                                            MD5:347E511FA3744A2E626493AF78E3A984
                                                                                                                                                            SHA1:77E9F440FBCAB96A2D35AAA00C08077D2D4DC10F
                                                                                                                                                            SHA-256:855EEF615EA9287D63270CD77B58984B9A65374D1FB9C4A8D44738123AA655CE
                                                                                                                                                            SHA-512:A0BCE917D2FDD3184FA809E7FB5EB468648ED90B67440E78B46811F2A487CA676B48558DEFC0368D59F0F85F406933FEAFDC499525FEA21D487CE0820FBCE577
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.415 3f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/25-19:09:23.415 3f4 Recovering log #3.2024/11/25-19:09:23.416 3f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):349
                                                                                                                                                            Entropy (8bit):5.165058073055709
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXuq2PCN23oH+Tcwt7Uh2ghZIFUt8YApX3Zmw+YApXERFzkwOCN23oH+Tcwt7w:gFuv1YebIhHh2FUt87F3/+7F4Fz5eYeQ
                                                                                                                                                            MD5:347E511FA3744A2E626493AF78E3A984
                                                                                                                                                            SHA1:77E9F440FBCAB96A2D35AAA00C08077D2D4DC10F
                                                                                                                                                            SHA-256:855EEF615EA9287D63270CD77B58984B9A65374D1FB9C4A8D44738123AA655CE
                                                                                                                                                            SHA-512:A0BCE917D2FDD3184FA809E7FB5EB468648ED90B67440E78B46811F2A487CA676B48558DEFC0368D59F0F85F406933FEAFDC499525FEA21D487CE0820FBCE577
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.415 3f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/25-19:09:23.415 3f4 Recovering log #3.2024/11/25-19:09:23.416 3f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):24
                                                                                                                                                            Entropy (8bit):2.1431558784658327
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:m+l:m
                                                                                                                                                            MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                            SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                            SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                            SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:0\r..m..................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):48
                                                                                                                                                            Entropy (8bit):2.9972243200613975
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:HCgTEWIC:iggdC
                                                                                                                                                            MD5:F8E35EFBDD78973E43B04629C435D291
                                                                                                                                                            SHA1:D1AA46FE1FFF899BB623FAF5E2BF2B8B72FB0858
                                                                                                                                                            SHA-256:04BEB1899737A8E9FF0B7055BCD9798BA05B7BDCE975AB96A01859CBC44EC718
                                                                                                                                                            SHA-512:D8F1BA538AC86C3B173E15F8B18B717C3AC6CA451B6ED4657FDAB18F6F492337AE1BCF6F02433A1CACB5B674BE08103317F881A0EEAB2856F106BF5F3D1BBE04
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:(....'X.oy retne............................[./.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):48
                                                                                                                                                            Entropy (8bit):2.9972243200613975
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:HCgTEWIC:iggdC
                                                                                                                                                            MD5:F8E35EFBDD78973E43B04629C435D291
                                                                                                                                                            SHA1:D1AA46FE1FFF899BB623FAF5E2BF2B8B72FB0858
                                                                                                                                                            SHA-256:04BEB1899737A8E9FF0B7055BCD9798BA05B7BDCE975AB96A01859CBC44EC718
                                                                                                                                                            SHA-512:D8F1BA538AC86C3B173E15F8B18B717C3AC6CA451B6ED4657FDAB18F6F492337AE1BCF6F02433A1CACB5B674BE08103317F881A0EEAB2856F106BF5F3D1BBE04
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:(....'X.oy retne............................[./.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):24
                                                                                                                                                            Entropy (8bit):2.1431558784658327
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:m+l:m
                                                                                                                                                            MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                            SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                            SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                            SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:0\r..m..................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):48
                                                                                                                                                            Entropy (8bit):2.9972243200613975
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:HCgTEWIC:iggdC
                                                                                                                                                            MD5:F8E35EFBDD78973E43B04629C435D291
                                                                                                                                                            SHA1:D1AA46FE1FFF899BB623FAF5E2BF2B8B72FB0858
                                                                                                                                                            SHA-256:04BEB1899737A8E9FF0B7055BCD9798BA05B7BDCE975AB96A01859CBC44EC718
                                                                                                                                                            SHA-512:D8F1BA538AC86C3B173E15F8B18B717C3AC6CA451B6ED4657FDAB18F6F492337AE1BCF6F02433A1CACB5B674BE08103317F881A0EEAB2856F106BF5F3D1BBE04
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:(....'X.oy retne............................[./.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):48
                                                                                                                                                            Entropy (8bit):2.9972243200613975
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:HCgTEWIC:iggdC
                                                                                                                                                            MD5:F8E35EFBDD78973E43B04629C435D291
                                                                                                                                                            SHA1:D1AA46FE1FFF899BB623FAF5E2BF2B8B72FB0858
                                                                                                                                                            SHA-256:04BEB1899737A8E9FF0B7055BCD9798BA05B7BDCE975AB96A01859CBC44EC718
                                                                                                                                                            SHA-512:D8F1BA538AC86C3B173E15F8B18B717C3AC6CA451B6ED4657FDAB18F6F492337AE1BCF6F02433A1CACB5B674BE08103317F881A0EEAB2856F106BF5F3D1BBE04
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:(....'X.oy retne............................[./.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):262512
                                                                                                                                                            Entropy (8bit):9.629307656487099E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsFl0l2U+ju:LsFKz+j
                                                                                                                                                            MD5:D237AC6D7568D48B5CF29B3FEF160DC0
                                                                                                                                                            SHA1:604122B02BB64C7433F4D4805183449F54114248
                                                                                                                                                            SHA-256:9ACD9D39DE99198F4C10237C6DFF4336898318A1EF8A48FD9C75C8E4C973E793
                                                                                                                                                            SHA-512:33BC053C1A9706F788E66C2BFD0F70944F8E0CB614AD2CF31CFE40A36053D12B5FE6F9F60069AF423FF6F7F595F78B9F16EF1D1C9E883F82530413CA3128FEB3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):391
                                                                                                                                                            Entropy (8bit):5.250811152364869
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXzTNHM1CN23oH+TcwtzjqEKj3K/2jM8B2KLlVApXU4q2PCN23oH+TcwtzjqE0:gFzVMYebvqBvFLoFDv1YebvqBQFUv
                                                                                                                                                            MD5:02D494798310DB204F3DF06F0EE74571
                                                                                                                                                            SHA1:7BB8B32577D38E47024E9A480F39507982927D87
                                                                                                                                                            SHA-256:70462790AD41069B5CBB8E2B219F798FEF407A840153C1A7456BDE924B323F09
                                                                                                                                                            SHA-512:7558EAC54E4676C825E713BB967EFA07418943176A2CE9C1E0AFCC3F11CF9868DA1617A912EA9EC3EC9957AE5ACF73822031F0F91E38B1E9E139D40A3EA9EA5A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.636 634 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb since it was missing..2024/11/25-19:09:23.658 634 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):41
                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):111
                                                                                                                                                            Entropy (8bit):4.718418993774295
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                            MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                            SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                            SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                            SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):61
                                                                                                                                                            Entropy (8bit):3.7273991737283296
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:S8ltHlS+QUl1ASEGhTFl:S85aEFl
                                                                                                                                                            MD5:9F7EADC15E13D0608B4E4D590499AE2E
                                                                                                                                                            SHA1:AFB27F5C20B117031328E12DD3111A7681FF8DB5
                                                                                                                                                            SHA-256:5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
                                                                                                                                                            SHA-512:88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:*...#................version.1..namespace-..&f...............
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):379
                                                                                                                                                            Entropy (8bit):5.245137158641766
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXk/HM1CN23oH+TcwtzjqEKj0QM72KLlVApXq04q2PCN23oH+TcwtzjqEKj0Qe:gFMMYebvqB6LoFq04v1YebvqBZFUv
                                                                                                                                                            MD5:C283E341647D67E4A8398AE26186659A
                                                                                                                                                            SHA1:82DF8B348766917FCBB086D68046185B1EB1FF9A
                                                                                                                                                            SHA-256:10F0A38CC084C7EA8A61F20B317FB85BE253016BA13FF1683ADF4A8BD8D27EBE
                                                                                                                                                            SHA-512:55E030461B8B65247B4FD27205B4565FD03E19802251A254D227557768E6BE799885082F4181F968E190CC9994573C79C247A0E6E447CFC8638340FD12B2E8EF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.776 634 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage since it was missing..2024/11/25-19:09:23.831 634 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):41
                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):111
                                                                                                                                                            Entropy (8bit):4.718418993774295
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                            MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                            SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                            SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                            SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2095
                                                                                                                                                            Entropy (8bit):6.261067184731311
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:ika17NpmKOTWzdTYRV+ETlht4l9EpmPL1lyTJZlliIipmPL1l9DTJ3:ika15pROTWzqRAqlP4lepwxlIfl3ipwz
                                                                                                                                                            MD5:744682B73393FF3779FE78848F66FF2F
                                                                                                                                                            SHA1:E870F8FBE85C21410E435DD257465BA926B46907
                                                                                                                                                            SHA-256:4C646038D798DB76535F1F3A5DA7E4D6F531B22F61511627A4BBF088A9D0FA70
                                                                                                                                                            SHA-512:338CAB52ABFA3638B8743F72943263C4E01CA33208266E57EB91C28CA4F08231CEA71883369CB8CDF802CB8247ED0ACB2618030C997E3649B035235612C55A52
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):325
                                                                                                                                                            Entropy (8bit):5.2529577416137725
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXgWs4q2PCN23oH+TcwtpIFUt8YApXgWsJZmw+YApXgWsDkwOCN23oH+TcwtaQ:gFgW/v1YebmFUt87FgWy/+7FgW+5eYev
                                                                                                                                                            MD5:BB0C88F8A6CB0EBCB1CF6FB93EBE04B9
                                                                                                                                                            SHA1:E48A15177D9D80F2A2FBC305907C6ECDAFF4F6FF
                                                                                                                                                            SHA-256:423DF9E5B709D27CEE2000E034DEABA86521A439692CDB3FE9614A31E9C9F0CC
                                                                                                                                                            SHA-512:42DF7D237C4F06880D8B1BC70E7D733A786C5A9D40CBD1CF3FF4C4B8DE4FB436448E7E937626ADED263756D96D76B063B428C7C3D58ECDD409F019C638AE7361
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.483 3f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/25-19:09:23.483 3f4 Recovering log #3.2024/11/25-19:09:23.483 3f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):131072
                                                                                                                                                            Entropy (8bit):0.004472050516679893
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:ImtVfx7Vtlvh5qtl:IiV5xZ5q
                                                                                                                                                            MD5:CE15724D2521C8067BC77BE735077D3E
                                                                                                                                                            SHA1:73D2EDDFD1DAB016EA149FC268FC69B572B69B9F
                                                                                                                                                            SHA-256:FAFE2B54CCDCDC488E94AD8D1BBF0F578F9505BEA6339B5C230085A09E89D702
                                                                                                                                                            SHA-512:B2CD48D2611E9EF127E58B6D2AC20F4C9A371018CEF3603BBE7BFC8CFF255EC816EDC06F94153996993DD0CA119CDA6FA5F90D9EFDC812E8625FAAC042156FEC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 8, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):122880
                                                                                                                                                            Entropy (8bit):1.1270069299941012
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:sV+4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWUsVusE6:sV+4n/9p/39J6hwNKRmqu+3VusE
                                                                                                                                                            MD5:A0809345D97723CD4173E27957D88904
                                                                                                                                                            SHA1:0F591E66F05A0422B8FC81A5B0AB6099A6C9A226
                                                                                                                                                            SHA-256:3CA1D9E735A21DF7A4C6CC6272F5754B1EBD6DC79AC4E3E61E3562B4E71FE36E
                                                                                                                                                            SHA-512:7BA1223D04BBA47F0D579FD47654773EAEF2A41BC53BC0323F84095F19CE04A0084AB58F999B6A3ED61F33A87B2142E07AF0493F14EAA307985EC2BA44997617
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8438
                                                                                                                                                            Entropy (8bit):4.97883442547524
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:s7OTNk9jPcAWMdkraouYI3+uO3uOwuihg4lnhm9:s7OTNk9jPcAWMdIaoVIC4yH9
                                                                                                                                                            MD5:379CA16FEF9072E1A208B074486FBD76
                                                                                                                                                            SHA1:2CE935244251EC2120D5D22FE077D799EBCB18BF
                                                                                                                                                            SHA-256:8AC905E5D4C71708BCD8B51ECAAD23C486FF2E43712E6E7F847C21B510574F95
                                                                                                                                                            SHA-512:613331119121CE72FFB3A578C1FD27900B9512B463CE48BAF900B52D929EE10B167FA02A127CC42913B427961C094445C3D80EC8C7B2B3258FB37A3C410BF43B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_info":[],"account_tracker_service_last_update":"13377053363596925","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles":{"browser_name":6,"is_AutoFillFormData_imported":true,"is_Cookies_imported":true,"is_Extensions_imported":true,"is_Favorite_imported":true,"is_History_imported":true,"is_Payments_imported":true,"is_SavedPasswords_imported":true,"is_Settings_imported":true,"source_path":"C:\\Users\\user\\AppData\\Local\\Packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default"}},"imported_default_search_engine":"https://www.bing.com/search?q={searchTerms}&FORM={referrer:source}"},"autocomplete":{"retention_policy_last_version":94},"autofill":{"orphan_rows_removed":true},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_norm
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, writer version 2, read version 2, file counter 8, database pages 11, cookie 0x7, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):45056
                                                                                                                                                            Entropy (8bit):0.6109514863778095
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:TS4UYP5/ZrK/AxH1Aj5sAFWZmasamfDsCBjy8zBNEiT/e+s6kxHwXhEz81+sLtbv:TtUYVAKAFXX+8vTG+s6kEGW+sLupcEc
                                                                                                                                                            MD5:DB94AE878104231F6364AFF6ADBC45D0
                                                                                                                                                            SHA1:A73CB81011CFA41B21DFB2BD1E9EBAA1CAD51FBC
                                                                                                                                                            SHA-256:D769AE6283E43F67C6C593D7E30332B7684A79AFCD9785007F1CBF7566C7574E
                                                                                                                                                            SHA-512:552B6DB621E18F97AAA4BD62EDF7480EB1623A4E7BE2BC017C9A13F53A01627272E7FB40A0F3A2577B052AF05FD4B5EB83BF139EC6C46BB5C89E6D1CBB1CDC3F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):32768
                                                                                                                                                            Entropy (8bit):0.039079505879562035
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:Gtl5/8NlTkP51qvF4l5/8NlTkP51qvZX/URa9//DllFlnl/telfl6ll:GtoNlTfd4oNlTfBX889XDl/c
                                                                                                                                                            MD5:DDF45611A135FB3D5BE1C50050A1890E
                                                                                                                                                            SHA1:0503F72347120BA3822E55C9CD00EFA43601684F
                                                                                                                                                            SHA-256:8B50E35BC276C1A3243D1281213844064DEE74806834E52BD8E18700B56A3C39
                                                                                                                                                            SHA-512:2213831BAD95133176630DBEE7F38ADF82A6AC76EF4A5CD2597F5E73377764B97927DE6AA5A9557D1FBC56176F8A62D53DF7C140F5CC6EC475FE427E7A14ACAE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16512
                                                                                                                                                            Entropy (8bit):0.6215500047660214
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:KsL7JBOWE2LT4Sx/25+s65i2jYqAJt63OlSx0f5i2IIzM2tnz81+sLtMIzAh:KK1BNEiT/e+s6kxtGXhUz81+sLtMIA
                                                                                                                                                            MD5:D1F72D8250250B2B44C7F15EF6B44306
                                                                                                                                                            SHA1:A8DE842A8844C9200B130B8C979E55A8202767B0
                                                                                                                                                            SHA-256:E064CDE59F19B852DD9D5AB49A6B90DA80D17ECBD8F0FF9C1A3EB23328A56E9B
                                                                                                                                                            SHA-512:33313691B5DBB7659B91DD9CF2A31A6E5E6AC16EDBC86183F41426CBDBF9ED3388E87A5B4AB6BA99718807CBC368CA845DEE79BB6658341C35DF085DB70E9FA3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):324
                                                                                                                                                            Entropy (8bit):5.2182403825273065
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXNN9+q2PCN23oH+TcwtfrK+IFUt8YApXGJZmw+YApXG9VkwOCN23oH+TcwtfR:gFN3+v1Yeb23FUt87Fw/+7FgV5eYeb3J
                                                                                                                                                            MD5:8B3F699CCB6F5558CA6AFC3D3340BB49
                                                                                                                                                            SHA1:BA2FAB9D2AFB35DDEFF20B7804B368383537B2B0
                                                                                                                                                            SHA-256:78C7F31D88A34A7D12F2650BA5A4AE6989FD79018C455A17591ABFA7B4B4BEE1
                                                                                                                                                            SHA-512:96B9F461EC10AE2DD8A8C6AC4FC9A257F5F26E764E11F50FFC1C469C9706A3B26FF96099F04852E0B0049006A301DC83478B63D5296C6BEBDE062B90FDF59D5A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.613 1e2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/25-19:09:23.614 1e2c Recovering log #3.2024/11/25-19:09:23.614 1e2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):482
                                                                                                                                                            Entropy (8bit):3.9553035680156614
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:G0Xtqcsqcva3mF2lHSenmF2lH+l1m8Bc3mtD4tmF2llemF2lq3m8qPmt761m9yKJ:G0nYvaZyGVC43oqn624Mtxjx4s
                                                                                                                                                            MD5:1D57238A387C249ABAB62C1D7D17C8C0
                                                                                                                                                            SHA1:C0B2F6FD2B7584B216018F8D90D88C8F4D4AC3BB
                                                                                                                                                            SHA-256:AF7A0E2C082701BA6DEE265F40590BE9531914787C34F8A8767B7D70DCFE56B1
                                                                                                                                                            SHA-512:053B5690186BB190211DA9D38F6BF758AEB345AD3DD9381AB29A426989E9832EC99A23D8E3E10BCA6AB2DB3D79450AE9AB7E197638895D390D44106CD068DA3D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.h.6.................__global... .t...................__global... ....Q.................20_.........................20_......w...................19_.....u....................18_.........................20_...../...................20_......@C1.................19_......8lS.................18_........h.................21_.....<..[.................9_......~z..................21_.....r....................9_.....m...................__global... ....[.................__global... .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):342
                                                                                                                                                            Entropy (8bit):5.193482911511331
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:HApXrSN+q2PCN23oH+TcwtfrzAdIFUt8YApXrSZZmw+YApXrSNVkwOCN23oH+Tc/:gFri+v1Yeb9FUt87Frm/+7FriV5eYebS
                                                                                                                                                            MD5:D296E02F2B98F89A9FB4708899E5787F
                                                                                                                                                            SHA1:FB873BC21C7D9F76D7C341C27EB738E582CF48B3
                                                                                                                                                            SHA-256:376F786075379057705B686E497D914FD6F6447A79017F03424F40816092B3BB
                                                                                                                                                            SHA-512:740BD718DBB0A9471F5A2A04054E2F1F83CBD88668853C1EF39B724BEF6F6CDE6671492720EBC326C1E820CD9F62079BBBF1FBECBD28F8E632DC90BE5738BB8D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2024/11/25-19:09:23.611 12dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/25-19:09:23.611 12dc Recovering log #3.2024/11/25-19:09:23.611 12dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):45056
                                                                                                                                                            Entropy (8bit):0.2975361124918859
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:dRdu/EiHyI+Ra82/CLFdR2vGD/SJ0Yvae5WkE8txuEyGkGTm4rkCdpWEEVVo0g8v:wx9F1IohSdesk9xXytGACtQVjmBa
                                                                                                                                                            MD5:22546422BF75A4EE30E03B69D90E9DF5
                                                                                                                                                            SHA1:665BF967C4CE9BC26542AFAEE4CD9438E07DE9A8
                                                                                                                                                            SHA-256:F3890059F6CE7F39CB1845DD919079680959F9FBBC72060DE39C2AC7B23C0434
                                                                                                                                                            SHA-512:F99679D0C48F4C79D01FAD662B8F9763214A8E4F523FBEC04F5889F948B2A5493812E17D8838DCE3059B0E578AABE918EFE65FADA1E336A274E2CFD3A21F93D2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):0.4859886077304933
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:VZvIS9IS5e0ISSUFISSIIS6ISpyISpwIS8RISeISpISmW+ISOoIS8ZIS8lIS5Ela:VZizD4hmTdnVy
                                                                                                                                                            MD5:6C25E867B515517774BB0C09FB455BD4
                                                                                                                                                            SHA1:47C486FC6B2921AA8E87BFE4AC0DBB28BBF4A2D9
                                                                                                                                                            SHA-256:69993F0996A6FCEFC1606AFD0DDBD3EE806FA46D9A862840D5747DC3F56FAF82
                                                                                                                                                            SHA-512:07A51C9632C00C58A1D2002DA6896DB6C09A3FEFBCBE732BCEDF09964699075B5627D2DB053D27406FDBDE027E47DC8DE4C8E8B277FC04EEDD520312329A9B3E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11
                                                                                                                                                            Entropy (8bit):2.59490661824394
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:gem3:gL3
                                                                                                                                                            MD5:E60DFE28E77A79CD2CAA4F53BD711995
                                                                                                                                                            SHA1:2A150938498D9778DAF21F87B3E52ABDD4084716
                                                                                                                                                            SHA-256:D5E1FB030857E079A8FD6811C81BF756D23CED9AF5DC299354C88F89B763415E
                                                                                                                                                            SHA-512:B2ED5D4C3EEB946C2C869988E227ACD771614D559E1C108578546AA919E74251B92C7A1241D5E113018AB20A4295BBBCC12B7C520FB1C13DB242EC1B02B74F43
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:94.0.992.31
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14947
                                                                                                                                                            Entropy (8bit):5.62661156108959
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:U9iIuERzA83h09RZxeIFOq8y9QIKf+qNrB:/IuERzA83h09RZxOq8y9QIKfHNd
                                                                                                                                                            MD5:70B081E38A9BE6320E9DD41C3601076C
                                                                                                                                                            SHA1:D36666D330F30DF303D847A5A164CB33D6AC711B
                                                                                                                                                            SHA-256:C50261284F8784B77032AD21E3D16B608730AC87830143BC9F3F41A03733C5C8
                                                                                                                                                            SHA-512:F3201039E46374028C56E23B2A750AA8D581770256E5DF29BEB585C4A3DF5218BAB180776F99BCE9653195AAE4666A2323A097AE68BAF995AA38B33D90C20F71
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):4
                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:En:En
                                                                                                                                                            MD5:988E5DBB5474C0245B3692EE2019390C
                                                                                                                                                            SHA1:2331A8951E3EB1BC59216E959C2C2A75B5966876
                                                                                                                                                            SHA-256:17A56AE2225F44C27A46FB9D95AEF86BA4983E83CA84861B0E1BDD0D32787B60
                                                                                                                                                            SHA-512:5C7AF7E660F8CD5DC36CF6CE088AD4118CCA5ADF53B3EE463EACC5D883B50955902B9478AB23BEC0C1EA2717A3477C1E253F51AF44F62A0E9D79363823144928
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:449.
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2028
                                                                                                                                                            Entropy (8bit):5.31949422106325
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YnOBhmo05fdCbsDFsrksiRcvBIIVFvRXPGUse4Wnhy:BjMfdHJsrksnvuiJXPGze4mhy
                                                                                                                                                            MD5:1B5764D83B195BE9B0B099E0C4B99FF0
                                                                                                                                                            SHA1:B803F48EB103DE1CF60855F1E255BE285B81826E
                                                                                                                                                            SHA-256:82A7BC2F348E523E7FF6A5C2FD8B5A168FAE303D387C9BA6E8B284508E6A6670
                                                                                                                                                            SHA-512:F3E63F5C1EA0B791E030D8679A13AAA3AC9CC48D96721D8D51519173F9B1A1A2EF6481FD1F9AEE764D4FB831A53455346B7ECAB639F39967B31E5B4385CC5120
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAAAoAAABFAGQAZwBlAAAAEGYAAAABAAAgAAAA46okGcCYW6eUAWoxmcdOfa9MheTEpUZ85GDyzl8rGIkAAAAADoAAAAACAAAgAAAAS7uFdKbPNhTmcgMzhEvQfnBW5oHYMHIHV5M1k/0EhWMwAAAAUIsy7Nebh0inCsc4xjO/51stU3Vte7HhvlEPS2o/VRL+rJZ9gvtbQqOHpzE6YbHgQAAAAPizuKeRXQawx0xbLUx0Oy/6LqA3Yf7QDpuYf7Ws0jy7nWCp5XIMHu33f2A/+g8VfFkT42FFDHQ5DzI9CHQmdcc="},"policy":{"last_statistics_update":"13377053362886303"},"profile":{"info_cache":{},"profile_counts_reported":"13377053362710089"},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_cli
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2030
                                                                                                                                                            Entropy (8bit):5.320820065742769
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YnOBhmo05fdCbsDFsrksZRcvBIIVFvRXPGUse4Wnhy:BjMfdHJsrksQvuiJXPGze4mhy
                                                                                                                                                            MD5:9F815203E073DDDE974332373AF39A81
                                                                                                                                                            SHA1:391142663394E11A01B91047C0B07FE17126ED99
                                                                                                                                                            SHA-256:58C1808817D0BA05318856B7AC9DEA93F3561A4183CD25EAEEE754F494466270
                                                                                                                                                            SHA-512:6908C0884186D2127266F6A706D52D5487D63FD6BB1044FBD24DF3DBB080DD5E38A1EEAD3A900B6B5DD791C3925884A03741C2398B7F9E63B7C4E3A51E91107D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAAAoAAABFAGQAZwBlAAAAEGYAAAABAAAgAAAA46okGcCYW6eUAWoxmcdOfa9MheTEpUZ85GDyzl8rGIkAAAAADoAAAAACAAAgAAAAS7uFdKbPNhTmcgMzhEvQfnBW5oHYMHIHV5M1k/0EhWMwAAAAUIsy7Nebh0inCsc4xjO/51stU3Vte7HhvlEPS2o/VRL+rJZ9gvtbQqOHpzE6YbHgQAAAAPizuKeRXQawx0xbLUx0Oy/6LqA3Yf7QDpuYf7Ws0jy7nWCp5XIMHu33f2A/+g8VfFkT42FFDHQ5DzI9CHQmdcc="},"policy":{"last_statistics_update":"13377053362886303"},"profile":{"info_cache":{},"profile_counts_reported":"13377053362710089"},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":106},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_c
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                            Entropy (8bit):0.019482055596808996
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:b+wCbw79PiMn7BZ0Cp07ieJI9Zy7t09HV0DWcV1iGmz95saBQW8yUtFHVP8sFOhi:dpDk03/siJhGaBVc8WDJXV1
                                                                                                                                                            MD5:1B5D0EF2CC9B4EAACCA0EB148E8AE864
                                                                                                                                                            SHA1:56EB84495A98082FFE4280CF511EEEA76A40959E
                                                                                                                                                            SHA-256:55B71AFB75465CA209FB3743E91A7199DA6E7275D52A8AA8BC3BB6AF1AC96E2A
                                                                                                                                                            SHA-512:D778CBA71CE82831076E7E9D8C360366CC9A9C56571010A6214087EF254844E257047E3E5176928EEB30206BB3A8FEE918CCA652BE0DB8D3EB37E0C4220BC4B4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:...@..@...@.....C.].....@...............05...4..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0......C<>.Z...................C<>.Z..................UMA.PersistentHistograms.DriveType......8...i.y.[".................................................i.y..Yd........A...........................7o.I'.Y.".4.............8o.I'.Y.................UMA.PersistentHistograms.HistogramsInStartupFile........ ...i.y.......7o.I'.Y..C<>.... ...i.y.......7o.I'.Y.7o.I........i.y..Yd........A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.........i.y.Pq.3................94.0.992.31-64".en-US*...Windows NT..10.0.1904224..x86_64..|.......".To Be Filled By O.E.M....x86_64P....................7.>.2...:.........................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):152
                                                                                                                                                            Entropy (8bit):2.8498597673274837
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:Fg/fltlZWbX/UrGVbWIbdEX67Al/t:qf16UrCbWudE0At
                                                                                                                                                            MD5:3A4A3BDDFB16B0745E97974863C302AF
                                                                                                                                                            SHA1:8D1F1812CCC191117DC07E8719C4266CA749AE4D
                                                                                                                                                            SHA-256:63DAAE5F5DFAE8924A14C26A42AB44F4297205DADDFBC476B48287DD90965FA3
                                                                                                                                                            SHA-512:3B9CF52539AF08727D0B09F0E68DC0FC6F693F8C8D7830905281321332F91CFE7C2232375C494D9A9F6B349A47C40032042EFB4AAA29D78A1E3F26896C330B7A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:sdPC.......................b...C.......................................................................44c613a0-0c07-45fb-b4c6-73d8a205bfbe............
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):8.280239615765425E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                            MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                            SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                            SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                            SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):262512
                                                                                                                                                            Entropy (8bit):9.629307656487099E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsFl0laK+S:LsFKa
                                                                                                                                                            MD5:F2BD4158102EE6C55E88EA9F1019FEC3
                                                                                                                                                            SHA1:7F4FFC49FB9A67431E79E7FD16FBC39AC9B500DE
                                                                                                                                                            SHA-256:7A042E4F2D4238FE2B69F49758A748FC3A17A0FFE45F7CD602D4F539E64BB232
                                                                                                                                                            SHA-512:05769961F34D9F18836327AC6120FD63F97B9A9A98A7C35E495903A2F097319C9A1D9178CA62120E4DBF9871EE41F644C5457A0FDA8E96656B0BB0090AF87567
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11
                                                                                                                                                            Entropy (8bit):2.59490661824394
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:gem3:gL3
                                                                                                                                                            MD5:E60DFE28E77A79CD2CAA4F53BD711995
                                                                                                                                                            SHA1:2A150938498D9778DAF21F87B3E52ABDD4084716
                                                                                                                                                            SHA-256:D5E1FB030857E079A8FD6811C81BF756D23CED9AF5DC299354C88F89B763415E
                                                                                                                                                            SHA-512:B2ED5D4C3EEB946C2C869988E227ACD771614D559E1C108578546AA919E74251B92C7A1241D5E113018AB20A4295BBBCC12B7C520FB1C13DB242EC1B02B74F43
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:94.0.992.31
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:JSON data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2028
                                                                                                                                                            Entropy (8bit):5.31949422106325
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YnOBhmo05fdCbsDFsrksiRcvBIIVFvRXPGUse4Wnhy:BjMfdHJsrksnvuiJXPGze4mhy
                                                                                                                                                            MD5:1B5764D83B195BE9B0B099E0C4B99FF0
                                                                                                                                                            SHA1:B803F48EB103DE1CF60855F1E255BE285B81826E
                                                                                                                                                            SHA-256:82A7BC2F348E523E7FF6A5C2FD8B5A168FAE303D387C9BA6E8B284508E6A6670
                                                                                                                                                            SHA-512:F3E63F5C1EA0B791E030D8679A13AAA3AC9CC48D96721D8D51519173F9B1A1A2EF6481FD1F9AEE764D4FB831A53455346B7ECAB639F39967B31E5B4385CC5120
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAAAoAAABFAGQAZwBlAAAAEGYAAAABAAAgAAAA46okGcCYW6eUAWoxmcdOfa9MheTEpUZ85GDyzl8rGIkAAAAADoAAAAACAAAgAAAAS7uFdKbPNhTmcgMzhEvQfnBW5oHYMHIHV5M1k/0EhWMwAAAAUIsy7Nebh0inCsc4xjO/51stU3Vte7HhvlEPS2o/VRL+rJZ9gvtbQqOHpzE6YbHgQAAAAPizuKeRXQawx0xbLUx0Oy/6LqA3Yf7QDpuYf7Ws0jy7nWCp5XIMHu33f2A/+g8VfFkT42FFDHQ5DzI9CHQmdcc="},"policy":{"last_statistics_update":"13377053362886303"},"profile":{"info_cache":{},"profile_counts_reported":"13377053362710089"},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_cli
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.01057775872642915
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsFl:/F
                                                                                                                                                            MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                            SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                            SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                            SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):8.280239615765425E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                            MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                            SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                            SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                            SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.011852361981932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsHlDll:/H
                                                                                                                                                            MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                            SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                            SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                            SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.012340643231932763
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsGl3ll:/y
                                                                                                                                                            MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                            SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                            SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                            SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):262512
                                                                                                                                                            Entropy (8bit):9.629307656487099E-4
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:LsFl0lxh/:LsFK
                                                                                                                                                            MD5:0E33FED5330B7FDAA0A908C635F5362F
                                                                                                                                                            SHA1:26DF94543D490AE091EC55EEF59C647AE0678006
                                                                                                                                                            SHA-256:AEB61960BAED4CCA5FC360D79CF92BF7F017CDABFD7E50F74C31AA470C487DE9
                                                                                                                                                            SHA-512:9A7AEF3D13B56D99599A48DCA5BF771CA75FB9683970A4E9E923FDBA2F8ED3EC1218DD379AA47205FE60D95600B4D46E617D454B186F5C5AF7B4F6E3B4690016
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:COM executable for DOS
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):184
                                                                                                                                                            Entropy (8bit):0.6472473490380266
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:s3lt/elaaRH:sVwpH
                                                                                                                                                            MD5:24127606DAC5CC6142848B0387A3AFB6
                                                                                                                                                            SHA1:2DD825CBA2DED5F73DE2F70D3056764788D6B3CD
                                                                                                                                                            SHA-256:7680B8117DCE679EAF37A1C4670506FDA78781CFCD994295B5108DB18FBBC3A8
                                                                                                                                                            SHA-512:0C37B62B580255716371554CD47A1D7AA15A92B5376FF66D42CACF1E2FD95C027E7F8781231C4B0D9CCC17521A94F1E719CFD2307853D6D7D72DD8155BA6868B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                            • Filename: rPO3799039985.exe, Detection: malicious, Browse
                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):72
                                                                                                                                                            Entropy (8bit):1.23900521981086
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MlwlaaRX:kwpX
                                                                                                                                                            MD5:3F66F244278461DD07A3FEB77A17712F
                                                                                                                                                            SHA1:8D570B550699AD0F248EC98B5D678F54248C0A84
                                                                                                                                                            SHA-256:203CE5C7C1680C6E98F5CECA920E9D904122A9E26A743191E9B0FE1F6584ED60
                                                                                                                                                            SHA-512:8D4733222E2E0BBC18370055D0602D0389E7A562887E97B2E54073017FFEA024E9B1341ED95E28883861EF5E0D4FA9D27ED0894912FFE167632AED2E4CF53E7D
                                                                                                                                                            Malicious:false
                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Entropy (8bit):6.408270109780033
                                                                                                                                                            TrID:
                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                            File name:download.exe
                                                                                                                                                            File size:449'536 bytes
                                                                                                                                                            MD5:42131ad9cd6ff5801461b1071581a091
                                                                                                                                                            SHA1:8b14015ad7e0c90a41e6f6bd00e9c849b1a9e6ab
                                                                                                                                                            SHA256:72502d27fda56e265bb8ced8b4735df100bb300b783269a4e5e7bc936e154b2e
                                                                                                                                                            SHA512:84da6d3823a770f42a530b0a6b63438aefea46e61572227b9ce83f14beee03e4d7669c4fb44552c8809cec44bf1a59cb955676fc4618203e36c3a6bc9e67fbaa
                                                                                                                                                            SSDEEP:12288:1O7k28xC7HMDVBjfbL5S6IZ7OGQN/RutyU3ivG/Xt9:+OS6IZ7QN/R8yoaG/d
                                                                                                                                                            TLSH:2BA4AE0D55758923D2AD1AFB8C7443A1410BAC94D442893FE3CCFD5BAA2E5A397B073E
                                                                                                                                                            Icon Hash:100109193979390f
                                                                                                                                                            Entrypoint:0x42c7be
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0x645F7B5F [Sat May 13 11:58:23 2023 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:6
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:6
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:dbd248d6a07e5b5d3562c903534448e7
                                                                                                                                                            Instruction
                                                                                                                                                            call 00007FB0C8BED178h
                                                                                                                                                            jmp 00007FB0C8BECD4Fh
                                                                                                                                                            push ebp
                                                                                                                                                            mov ebp, esp
                                                                                                                                                            mov eax, dword ptr [ebp+08h]
                                                                                                                                                            push esi
                                                                                                                                                            mov ecx, dword ptr [eax+3Ch]
                                                                                                                                                            add ecx, eax
                                                                                                                                                            movzx eax, word ptr [ecx+14h]
                                                                                                                                                            lea edx, dword ptr [ecx+18h]
                                                                                                                                                            add edx, eax
                                                                                                                                                            movzx eax, word ptr [ecx+06h]
                                                                                                                                                            imul esi, eax, 28h
                                                                                                                                                            add esi, edx
                                                                                                                                                            cmp edx, esi
                                                                                                                                                            je 00007FB0C8BECEEBh
                                                                                                                                                            mov ecx, dword ptr [ebp+0Ch]
                                                                                                                                                            cmp ecx, dword ptr [edx+0Ch]
                                                                                                                                                            jc 00007FB0C8BECEDCh
                                                                                                                                                            mov eax, dword ptr [edx+08h]
                                                                                                                                                            add eax, dword ptr [edx+0Ch]
                                                                                                                                                            cmp ecx, eax
                                                                                                                                                            jc 00007FB0C8BECEDEh
                                                                                                                                                            add edx, 28h
                                                                                                                                                            cmp edx, esi
                                                                                                                                                            jne 00007FB0C8BECEBCh
                                                                                                                                                            xor eax, eax
                                                                                                                                                            pop esi
                                                                                                                                                            pop ebp
                                                                                                                                                            ret
                                                                                                                                                            mov eax, edx
                                                                                                                                                            jmp 00007FB0C8BECECBh
                                                                                                                                                            push esi
                                                                                                                                                            call 00007FB0C8BED66Ch
                                                                                                                                                            test eax, eax
                                                                                                                                                            je 00007FB0C8BECEF2h
                                                                                                                                                            mov eax, dword ptr fs:[00000018h]
                                                                                                                                                            mov esi, 0047B194h
                                                                                                                                                            mov edx, dword ptr [eax+04h]
                                                                                                                                                            jmp 00007FB0C8BECED6h
                                                                                                                                                            cmp edx, eax
                                                                                                                                                            je 00007FB0C8BECEE2h
                                                                                                                                                            xor eax, eax
                                                                                                                                                            mov ecx, edx
                                                                                                                                                            lock cmpxchg dword ptr [esi], ecx
                                                                                                                                                            test eax, eax
                                                                                                                                                            jne 00007FB0C8BECEC2h
                                                                                                                                                            xor al, al
                                                                                                                                                            pop esi
                                                                                                                                                            ret
                                                                                                                                                            mov al, 01h
                                                                                                                                                            pop esi
                                                                                                                                                            ret
                                                                                                                                                            push ebp
                                                                                                                                                            mov ebp, esp
                                                                                                                                                            cmp dword ptr [ebp+08h], 00000000h
                                                                                                                                                            jne 00007FB0C8BECED9h
                                                                                                                                                            mov byte ptr [0047B198h], 00000001h
                                                                                                                                                            call 00007FB0C8BED457h
                                                                                                                                                            call 00007FB0C8BEE11Bh
                                                                                                                                                            test al, al
                                                                                                                                                            jne 00007FB0C8BECED6h
                                                                                                                                                            xor al, al
                                                                                                                                                            pop ebp
                                                                                                                                                            ret
                                                                                                                                                            call 00007FB0C8BF0D47h
                                                                                                                                                            test al, al
                                                                                                                                                            jne 00007FB0C8BECEDCh
                                                                                                                                                            push 00000000h
                                                                                                                                                            call 00007FB0C8BEE122h
                                                                                                                                                            pop ecx
                                                                                                                                                            jmp 00007FB0C8BECEBBh
                                                                                                                                                            mov al, 01h
                                                                                                                                                            pop ebp
                                                                                                                                                            ret
                                                                                                                                                            push ebp
                                                                                                                                                            mov ebp, esp
                                                                                                                                                            cmp byte ptr [0047B199h], 00000000h
                                                                                                                                                            je 00007FB0C8BECED6h
                                                                                                                                                            mov al, 01h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x77994 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7c000 | 0x14e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7e000 | 0x22f0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x76e40 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x76d80 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x49000 | 0x10c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x37b43 | 0x37c00 | a3ce5d1b74d9a7fdb10bbc79ac59bb67 | False | 0.5332075042040358 | data | 5.890819224309986 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.textbss | 0x39000 | 0x10000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x49000 | 0x2ef9a | 0x2f000 | 9b7bc7424a4d43ed6e293b7c9998d23c | False | 0.6724100315824468 | data | 5.600491055068557 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x78000 | 0x3bd0 | 0x3200 | da73e17697ef6f2d089217b31748f8b7 | False | 0.386796875 | data | 5.246305031794181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x7c000 | 0x14e0 | 0x1600 | 0be2f34692e06b60666da52b6b353dd1 | False | 0.2803622159090909 | data | 3.922267118104335 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x7e000 | 0x22f0 | 0x2400 | e315b1b385f60fd13654749cfa124a1d | False | 0.4827473958333333 | data | 6.240451194302875 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x7c0f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.2619606003752345
RT_GROUP_ICON | 0x7d198 | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x7d1b0 | 0x32c | data | English | United States | 0.4445812807881773
DLL | Import
KERNEL32.dll | CloseHandle, HeapAlloc, HeapFree, GetProcessHeap, WaitForSingleObject, CreateEventW, WriteConsoleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, LCMapStringW, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx, CreateFileW, DecodePointer
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-26T01:09:04.874732+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 5980 | 192.168.11.20 | 49757 | TCP
2024-11-26T01:09:26.873254+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 5980 | 192.168.11.20 | 51986 | TCP
2024-11-26T01:09:26.873254+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 95.182.97.106 | 5980 | 192.168.11.20 | 51986 | TCP
2024-11-26T01:09:40.113105+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 5980 | 192.168.11.20 | 51987 | TCP
2024-11-26T01:09:40.113105+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 95.182.97.106 | 5980 | 192.168.11.20 | 51987 | TCP
2024-11-26T01:09:47.980901+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51988 | TCP
2024-11-26T01:09:54.587360+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51989 | TCP
2024-11-26T01:10:01.222770+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51990 | TCP
2024-11-26T01:10:07.844815+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51991 | TCP
2024-11-26T01:10:14.467577+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51992 | TCP
2024-11-26T01:10:21.095644+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51993 | TCP
2024-11-26T01:10:27.711777+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51994 | TCP
2024-11-26T01:10:34.334854+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51995 | TCP
2024-11-26T01:10:40.959583+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51996 | TCP
2024-11-26T01:10:47.585449+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51997 | TCP
2024-11-26T01:10:54.179842+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51998 | TCP
2024-11-26T01:11:00.812960+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 95.182.97.106 | 443 | 192.168.11.20 | 51999 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                            Nov 26, 2024 01:09:05.218820095 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.218952894 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.229531050 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.240196943 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.240458012 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.250447035 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.261118889 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.261271954 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.519721031 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.525034904 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.525208950 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.535566092 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.546281099 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.546461105 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.556761980 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.567310095 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.567488909 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.578396082 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.588474989 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.588644028 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.598576069 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.608836889 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.609024048 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.618844986 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.628776073 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.628952980 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.638865948 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.648921967 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.649118900 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.658989906 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.669085026 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.669256926 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.679136992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.689239025 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.689431906 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.699301004 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.709297895 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.709543943 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.719383955 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.729516983 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.729655027 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.739550114 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.749691963 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.749846935 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.827327967 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.831819057 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.832057953 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.840833902 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.849730968 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.850085974 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.858782053 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.867834091 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.868185043 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.876679897 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.885620117 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.885936975 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.894766092 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.903533936 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.903877974 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.912650108 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.921504021 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.921827078 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.930444002 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.939438105 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.939757109 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.948410034 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.957319021 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.957930088 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.966583967 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.975177050 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.975498915 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:05.984102964 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.993144035 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:05.993402004 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.002201080 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.011214972 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.011468887 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.019443035 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.019505024 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.019787073 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.035928965 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.035989046 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.036348104 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.053000927 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.053064108 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.053302050 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.068471909 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.068536043 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.068772078 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.083363056 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.083427906 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.083645105 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.097676992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.097739935 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.098304033 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.112046957 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.112112045 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.112325907 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.126056910 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.126120090 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.126406908 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.140450954 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.140515089 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.140850067 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.154635906 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.154697895 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.154937029 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.168968916 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.169033051 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.169240952 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.177875042 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.177939892 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.178219080 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.186460972 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.186522961 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.186774969 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.195314884 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.195379019 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.195642948 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.204102039 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.204164982 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.204431057 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.212637901 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.574724913 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.575007915 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.578448057 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.578507900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.578769922 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.582763910 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.582823038 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.583014011 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.587083101 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.587151051 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.587377071 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.591519117 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.591584921 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.591923952 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.595726967 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.595789909 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.596069098 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.599967003 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.600032091 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.600327969 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.604015112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.604079962 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.604393959 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.608047962 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.608112097 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.608295918 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.611996889 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.612060070 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.612407923 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.616008043 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.616065979 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.616322041 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.619944096 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.620002985 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.620282888 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.624002934 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.624064922 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.624283075 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.627779961 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.627839088 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.628081083 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.631629944 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.631688118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.631913900 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.635498047 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.635559082 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.635775089 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.639242887 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.639300108 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.639503956 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.643224955 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.643287897 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.643572092 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.647054911 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.647118092 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.647404909 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.650732040 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.650795937 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.651078939 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.654244900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.654304028 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.654547930 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.657785892 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.657844067 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.658046961 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.661562920 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.661622047 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.661840916 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.665198088 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.665256977 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.665474892 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.668848038 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.668906927 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.669161081 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.672713995 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.672780037 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.673012018 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.676232100 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.676295042 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.676580906 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.679579020 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.679636955 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.679872036 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.683197975 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.683255911 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.683537960 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.686625004 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.686696053 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.687098980 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.690535069 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.690602064 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.690892935 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.693531990 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.693593979 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.693876982 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.696995974 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.697060108 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.697294950 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.700249910 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.700306892 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.700520039 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.703655958 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.703716040 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.703926086 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.706978083 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.707035065 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.707429886 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.710469007 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.710532904 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.710762978 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.713536978 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.713593960 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.713829994 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.717319012 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.717382908 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.717622042 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.721218109 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.721281052 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.721491098 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.723249912 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.723311901 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.723541021 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.726433039 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.872355938 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.872473955 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.874672890 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.874732018 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.874912977 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.877042055 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.877100945 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.877304077 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.879340887 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.879399061 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.879584074 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.881659985 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.881719112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.881915092 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.884042978 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.884099007 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.884299994 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.886496067 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.886557102 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.886759996 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.888636112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.888694048 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.888957024 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.891020060 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.891077995 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.891314030 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.893280029 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.893338919 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.893558025 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.895534992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.895592928 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.895847082 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.897959948 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.898017883 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.898149014 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.900037050 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.900095940 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.900275946 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.902481079 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.902540922 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.902735949 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.906640053 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.906697989 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.906934023 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.910382986 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.910443068 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.910695076 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.914695024 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.914751053 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.914980888 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.918488979 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.918548107 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.918908119 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.922468901 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.922528982 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.923038006 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.927191973 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.927251101 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.927479982 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.929903030 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.929961920 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.930687904 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.933674097 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.933731079 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.933954954 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.937633038 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.937693119 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.937882900 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.941366911 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.941448927 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.942015886 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.945532084 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.945594072 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.945797920 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.949503899 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.949562073 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.949739933 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.952893972 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.952954054 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.953110933 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.956409931 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.956468105 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.956736088 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.959912062 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.959970951 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.960194111 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.963773012 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.963830948 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.964036942 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.967364073 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.967421055 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.967628956 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.970976114 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.971035957 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.971214056 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.975052118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.975111008 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.975315094 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.978622913 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.978682041 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.978919983 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.981672049 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.981730938 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.981985092 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.985366106 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.985447884 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.985655069 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.988853931 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.988912106 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.989113092 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.992769957 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.992829084 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.993041039 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.995750904 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.995810032 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.996071100 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:06.999171972 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.999229908 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:06.999449968 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.002595901 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.002655029 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.002870083 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.005805016 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.160042048 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.160070896 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.160232067 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.161185026 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.161216021 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.161398888 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.162767887 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.162798882 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.162993908 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.164710999 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.164741993 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.164917946 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.167081118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.167112112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.167336941 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.171931982 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.171962976 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.172334909 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.172516108 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.172547102 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.172724009 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.174792051 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.174822092 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.175039053 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.176856995 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.176887035 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.177042007 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.179321051 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.179354906 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.179641962 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.181989908 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.182025909 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.182311058 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.183914900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.183948994 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.184190035 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.186317921 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.186364889 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.186655998 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.188565016 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.188596010 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.188772917 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.190879107 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.190908909 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.191174030 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.201025009 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.201060057 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.201225996 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.202564001 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.202600002 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.202769995 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.202986002 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.203016043 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.203301907 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.204056978 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.204091072 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.204221010 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.206449986 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.206482887 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.206512928 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.206649065 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.206799030 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.206954956 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.208794117 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.208826065 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.209006071 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.212428093 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.212457895 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.212687969 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.217139959 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.217175961 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.217370987 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.220897913 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.220958948 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.221097946 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.224987030 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.225047112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.225181103 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.229342937 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.229402065 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.229572058 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.232547998 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.232605934 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.232812881 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.235843897 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.235860109 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.236195087 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.236299992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.236314058 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.236689091 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.237283945 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.237299919 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.237498999 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.238656998 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.238682985 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.238931894 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.239413023 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.239427090 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.239702940 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.240423918 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.240437984 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.240648985 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.241559029 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.241574049 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.241863012 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.242439032 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.242453098 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.242644072 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.243470907 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.243480921 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.243659973 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.244643927 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.244654894 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.244856119 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.245598078 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.245608091 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.245831013 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.246643066 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.246752024 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.246881008 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.247718096 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.247728109 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.248114109 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.304301023 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.304358959 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.304714918 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.305366039 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.305449963 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.305567980 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.310681105 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.311264038 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.311270952 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.311271906 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.311274052 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.311275959 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.311276913 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.311279058 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.311850071 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.311850071 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.311850071 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.311903954 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.312200069 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.312205076 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.313419104 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.313925982 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.313930035 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.314871073 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.314874887 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.314986944 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.315423965 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.315431118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.316113949 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.316531897 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.316536903 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.316653967 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.317643881 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.317653894 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.317781925 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.318356991 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.318414927 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.318908930 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.319425106 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.319447041 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.319483995 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.319581032 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.320466995 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.320524931 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.320765018 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.321285963 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.321285963 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.321541071 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.321599960 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.321687937 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.322573900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.322630882 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.322741985 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.323621035 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.323679924 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.323822975 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.324717045 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.324774981 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.324928045 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.325671911 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.325731039 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.325875998 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.326760054 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.326822996 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.327059984 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.327802896 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.327862024 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.328063011 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.328838110 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.328893900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.329022884 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.329843998 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.329902887 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.330044031 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.330965042 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.331037045 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.331181049 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.332031965 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.332092047 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.332309008 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.333030939 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.333089113 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.333313942 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.333389997 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.334067106 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.334125042 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.334278107 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.335120916 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.335180044 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.335315943 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.336178064 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.336234093 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.336380005 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.337229013 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.337289095 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.337506056 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.338275909 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.338335037 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.338593006 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.339390039 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.339447975 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.339634895 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.340301991 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.340361118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.340502977 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.341353893 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.341427088 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.341557980 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.342420101 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.342478991 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.342622042 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.343488932 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.343545914 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.343741894 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.344765902 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.344824076 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.345181942 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.345529079 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.345638990 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.345762968 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.345808029 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.345808983 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.346797943 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.410770893 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.410835981 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.411377907 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.411628962 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.411864042 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.412617922 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.412708044 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.412772894 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.413149118 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.413733959 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.413790941 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.413975954 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.415076971 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.415136099 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.415565968 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.415807009 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.415863037 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.416260004 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.416872978 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.416933060 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.417428970 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.418584108 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.418641090 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.418956041 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.418982983 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.419012070 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.419787884 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.420036077 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.420089960 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.420859098 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.421036959 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.421092987 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.421251059 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.422449112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.422508001 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.422882080 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.423053026 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.423111916 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.423239946 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.424128056 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.424185991 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.424316883 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.425168991 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.425226927 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.425343037 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.426285028 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.426345110 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.426481962 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.427226067 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.427283049 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.427710056 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.428292036 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.428349018 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.428586006 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.429352045 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.429408073 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.429613113 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.430633068 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.430691004 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.430821896 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.431440115 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.431494951 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.431627989 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.432429075 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.432487011 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.432694912 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.433492899 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.433554888 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.433774948 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.434490919 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.434550047 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.434669018 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.435559034 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.435615063 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.435753107 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.436604977 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.436664104 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.436801910 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.437676907 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.437736034 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.437846899 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.438704014 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.438760996 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.439302921 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.439687967 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.439747095 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.440001011 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.440674067 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.440731049 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.440845013 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.441725969 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.441786051 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.441989899 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.442785025 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.442842007 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.442950964 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.443816900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.443876028 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.443963051 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.444911003 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.444967985 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.445188046 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.445574999 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.445811987 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.445866108 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.445991993 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.447032928 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.447091103 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.447215080 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.447967052 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.448024988 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.448151112 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.449007988 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.449071884 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.449270964 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.450289011 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.450351000 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.450579882 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.450989008 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.451047897 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.451220989 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.452138901 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.452218056 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.507277012 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.508048058 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.508104086 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.508239985 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.509092093 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.509150028 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.509242058 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.510788918 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.510843992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.510984898 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.511146069 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.511200905 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.511316061 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.512187958 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.512244940 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.512700081 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.513267994 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.513324976 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.513555050 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.514422894 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.514482021 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.514687061 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.515314102 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.515371084 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.515505075 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.516565084 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.516623020 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.516755104 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.517355919 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.517427921 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.517533064 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.518450975 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.518508911 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.518599987 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.519460917 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.519516945 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.519778967 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.520534992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.520595074 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.520734072 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.521528959 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.521585941 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.521713972 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.522604942 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.522665024 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.522842884 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.523582935 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.523639917 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.523840904 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.524635077 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.524693012 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.524826050 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.525698900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.525757074 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.525947094 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.526742935 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.526802063 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.527014017 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.527802944 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.527858973 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.527972937 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.528799057 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.528858900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.529041052 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.529820919 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.529879093 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.530514002 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.530817032 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.530937910 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.531079054 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.531924963 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.531984091 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.532078981 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.532967091 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.533044100 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.533133030 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.534262896 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.534313917 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.534523010 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.534987926 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.535036087 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.535253048 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.536022902 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.536079884 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.536441088 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.537101984 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.537151098 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.537317991 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.538348913 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.538398981 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.538618088 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.539123058 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.539170980 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.539359093 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.540236950 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.540288925 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.540425062 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.541259050 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.541309118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.541626930 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.542205095 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.542253971 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.542357922 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.543262959 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.543312073 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.543423891 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.544280052 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.544328928 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.544461966 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.545259953 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.545310974 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.545471907 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.546603918 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.546653986 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.546772003 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.547316074 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.547367096 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.547418118 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.547528028 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.548515081 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.548564911 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.548686981 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.549331903 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.594820023 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.594870090 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.594954014 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.595560074 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.595607996 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.595757008 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.596290112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.596338987 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.596434116 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.597064972 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.597115993 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.597203016 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.597795010 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.597842932 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.597929001 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.598927975 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.598975897 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.599097967 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.599299908 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.599345922 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.599514008 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.600056887 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.600106955 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.600346088 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.600935936 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.600985050 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.601074934 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.601531982 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.601578951 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.601739883 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.602894068 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.602941036 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.603074074 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.603121042 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.603169918 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.603652000 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.603760004 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.603809118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.604022026 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.604494095 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.604548931 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.604711056 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.605299950 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.605348110 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.605470896 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.606399059 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.606447935 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.606596947 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.606695890 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.606745005 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.606854916 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.607355118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.607403994 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.607525110 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.608118057 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.608170986 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.608386040 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.608876944 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.608926058 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.609138966 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.609513044 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.609580994 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.609683037 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.610773087 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.610821962 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.610939980 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.611037016 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.611084938 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.611202002 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.611686945 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.611737013 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.611947060 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.612766027 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.612834930 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.612982035 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.613111973 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.613203049 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.613293886 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.613800049 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.613841057 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.614126921 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.614516973 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.614557028 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.614674091 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.615226984 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.615274906 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.615418911 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.615936041 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.615977049 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.616063118 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.616622925 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.616663933 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.616806030 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.617405891 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.617465019 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.617584944 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.618644953 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.618686914 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.618822098 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.618861914 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.618905067 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.619049072 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.619529963 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.619571924 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.619762897 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.620157957 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.620198965 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.620313883 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.620847940 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.620891094 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.620990038 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.621576071 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.621675968 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.621767998 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.622230053 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.622271061 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.622397900 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.622912884 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.622960091 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.623085022 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.623603106 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.623655081 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.624063969 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.657483101 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.658322096 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.658364058 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.658396006 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.658519030 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.659153938 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.659197092 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.659228086 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.659318924 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.659365892 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.659946918 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.659986973 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.660020113 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.660120964 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.660845041 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.660886049 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.661083937 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.661353111 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.661391973 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.661488056 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.661557913 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.661709070 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.662933111 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.662976027 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.663007975 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.663285971 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.663326025 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.663356066 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.663358927 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.663532972 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.663722992 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.664103985 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.664144039 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.664176941 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.664283991 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.664906025 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.664947033 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.664979935 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.665113926 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.666169882 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.666210890 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.666244984 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.666336060 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.666779995 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.666821003 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.666851997 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.666980982 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.667018890 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.667531013 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.667572975 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.667604923 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.667800903 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.668416977 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.668458939 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.668489933 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.668606043 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.668642044 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.669260979 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.669301987 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.669333935 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.669441938 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.670510054 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.670551062 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.670583963 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.670698881 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.670757055 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.671004057 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.671046972 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.671078920 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.671181917 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.671855927 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.671902895 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.671935081 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.672074080 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.672264099 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.672708988 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.672749043 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.672781944 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.672893047 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.673588991 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.673630953 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.673664093 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.673722029 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.673794031 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.674475908 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.674519062 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.674550056 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.674658060 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.675219059 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.675261021 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.675409079 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.675812006 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.675854921 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.675890923 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.676012039 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.676187038 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.676598072 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.676639080 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.676687002 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.676795959 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.677427053 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.677573919 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.677617073 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.677619934 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.677732944 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.678323030 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.678364992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.678395987 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.678479910 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.679222107 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.679265022 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.679296017 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.679410934 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.679457903 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.680008888 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.680049896 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.680082083 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.680524111 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.680824041 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.680903912 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.680938959 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.681056023 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.681210041 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.710258961 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.710292101 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.710408926 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.710643053 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.710678101 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.710726976 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.710786104 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.710912943 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.711438894 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.711545944 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.711580038 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.711647987 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.712201118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.712307930 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.712342024 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.712352991 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.712539911 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.712992907 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.713104010 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.713136911 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.713291883 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.713723898 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.713824034 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.713859081 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.713890076 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.713968992 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.714045048 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.714607954 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.714642048 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.714689016 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.714840889 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.715354919 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.715461016 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.715518951 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.715852976 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.715887070 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.715960026 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.716001034 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.716113091 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.716665983 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.716768980 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.716803074 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.717380047 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.717402935 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.717502117 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.717535019 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.717633963 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.717828989 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.718225002 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.718328953 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.718363047 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.718482018 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.718938112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.719050884 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.719084024 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.719183922 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.719234943 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.719726086 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.719760895 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.719791889 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.719882965 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.720540047 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.720659018 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.720693111 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.720702887 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.720870972 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.721277952 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.721339941 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.721395016 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.721519947 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.722217083 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.722251892 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.722281933 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.722369909 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.722444057 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.722798109 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.722832918 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.722893000 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.722960949 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.723515987 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.723550081 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.723596096 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.723669052 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.723745108 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.724328995 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.724363089 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.724394083 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.724576950 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.725020885 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.725145102 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.725179911 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.725228071 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.725313902 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.725848913 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.725883961 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.725914001 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.726519108 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.726756096 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.726789951 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.726819992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.726983070 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.727128029 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.727380037 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.727454901 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.727489948 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.727641106 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.728173971 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.728208065 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.728307009 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.728578091 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.728612900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.728676081 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.728827000 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.728857994 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.729502916 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.729624033 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.729669094 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.729799032 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.730451107 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.730556011 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.730590105 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.730648041 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.730777025 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.756557941 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.756592989 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.756660938 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.756692886 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.756736040 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.757658005 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.757759094 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.757792950 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.757824898 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.757859945 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.758080006 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.758635044 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.758668900 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.758699894 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.758764029 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.758774996 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.758829117 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.759301901 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.759426117 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.759439945 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.759460926 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.759491920 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.759584904 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.760231018 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.760334969 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.760370016 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.760389090 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.760401011 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.760495901 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.761099100 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.761132956 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.761219978 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.761229038 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.761264086 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.761353970 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.762065887 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.762208939 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.762243032 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.762274027 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.762330055 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.762511015 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.763077021 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.763184071 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.763195992 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.763219118 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.763250113 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.763407946 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.763875008 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.763982058 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.764025927 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.764451981 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.764487982 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.764518976 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.764549017 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.764602900 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.764648914 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.765288115 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.765364885 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.765422106 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.765460014 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.765512943 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.765613079 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.766236067 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.766300917 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.766335011 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.766428947 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.766532898 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.766710043 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.767081022 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.767198086 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.767230988 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.767239094 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.767261982 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.767425060 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.767982006 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.768094063 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.768124104 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.768126965 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.768165112 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.768229961 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.768951893 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.769064903 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.769098043 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.769103050 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.769129992 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.769217968 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.769876003 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.769911051 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.769942045 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.769999027 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.770020962 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.770112991 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.770695925 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.770802975 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.770837069 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.770868063 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.771081924 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.771081924 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.771629095 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.771735907 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.771770000 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.771789074 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.771800995 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.771883011 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.772469997 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.772504091 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.772535086 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.772631884 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.772665977 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.772665977 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.773324013 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.773401022 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.773461103 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.773469925 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.773535013 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.773597002 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.774228096 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.774363995 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.774365902 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.774400949 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.774430990 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:07.774535894 CET497575980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:07.775152922 CET59804975795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.458121061 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.458291054 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.458421946 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.458910942 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.459119081 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.459134102 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.459243059 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.459285975 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.574729919 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:30.625416040 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.064861059 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.065013885 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.065013885 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.065042973 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.065054893 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.065129995 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.065129995 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.373811960 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.374047041 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.374161005 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.374300957 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.374422073 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.374557018 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.374564886 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.374674082 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.471226931 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:31.515604973 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.761656046 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.761746883 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.761774063 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.761774063 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.761846066 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:31.762026072 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:32.062376976 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:32.070398092 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.070497990 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.070549965 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:32.070620060 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.070739985 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.070753098 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.070866108 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.070878029 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.070888042 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.371105909 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.379185915 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.459495068 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:32.515398979 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:33.468413115 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:33.777254105 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:33.777491093 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:34.086886883 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:34.173538923 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:34.173782110 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:34.173805952 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:34.174066067 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:34.174217939 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:34.174417019 CET59805198695.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:34.174545050 CET519865980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:39.186080933 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:39.488217115 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:39.488413095 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:39.488514900 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:39.790616989 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:39.796828032 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:39.796835899 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:39.798000097 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:39.804672003 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:40.113105059 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:40.113404036 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:40.455415010 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:40.797260046 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:40.799477100 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:41.101252079 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:41.101547956 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:41.403381109 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:41.497083902 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:41.499408007 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:41.801347971 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:41.801531076 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.103444099 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.196918964 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.200325012 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.200932026 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.207315922 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.207379103 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.207427025 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.207691908 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.217736959 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.218096972 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.228364944 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.238847017 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.239115000 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.249624014 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.260296106 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.260565996 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.270713091 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.281296968 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.281626940 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.291836023 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.302658081 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.303103924 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.313272953 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.357120991 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.502922058 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.508236885 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.508552074 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.518835068 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.529490948 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.529695988 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.540071964 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.550656080 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.550930023 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:42.561145067 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:42.606949091 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:44.659295082 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:44.961349964 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:44.961523056 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:45.263647079 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:45.371481895 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:45.382344007 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:45.382407904 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:45.382688046 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:45.389043093 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.061594009 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.061873913 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.067187071 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.067249060 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.067529917 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.072782040 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.072846889 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.073002100 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.078788996 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.078856945 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.079138041 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.084348917 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.084414005 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.084693909 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.089859009 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.089922905 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.090203047 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.095702887 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.095766068 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.095926046 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.101548910 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.101612091 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.101839066 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.107153893 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.107218981 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.107503891 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.112799883 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.112862110 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.113017082 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.118652105 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.118716955 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.119003057 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.124241114 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.124304056 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.124459982 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.129895926 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.129959106 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.130239010 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.135689020 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.135751009 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.135987043 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.141236067 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.141299963 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.141433954 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.147243023 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.147306919 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.147866011 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.152925014 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.152991056 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.153110027 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.159210920 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.159276009 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.159450054 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.164180040 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.164242983 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.164522886 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.169737101 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.169800997 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.170098066 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.175337076 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.175399065 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.175544024 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.181039095 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.181097984 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.181221962 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.186743021 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.186800003 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.187014103 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.192428112 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.192486048 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.192639112 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.198580027 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.198638916 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.198786974 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.203955889 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.204020023 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.204207897 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.209515095 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.209574938 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.209876060 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.215181112 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.215240002 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.215481043 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.220984936 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.221043110 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.221188068 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.226613998 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.226670027 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.226895094 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.232312918 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.232369900 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.232567072 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.237926960 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.238003016 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.238126993 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.243616104 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.243627071 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.243845940 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.364217997 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.666129112 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:46.666452885 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:46.968487024 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.064117908 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.064172029 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.064204931 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.064395905 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:47.064522028 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:47.064522028 CET519875980192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:47.340651035 CET51988443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:47.340765953 CET4435198895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.340987921 CET51988443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:47.341075897 CET51988443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:47.341108084 CET4435198895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.366626978 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.366645098 CET59805198795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.976874113 CET4435198895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.977157116 CET51988443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:47.980846882 CET51988443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:47.980901003 CET4435198895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.981591940 CET4435198895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:47.983359098 CET51988443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:09:48.025439978 CET4435198895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:52.961822987 CET4435198895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:52.961916924 CET4435198895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:46.952939987 CET4435199795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:47.581353903 CET4435199795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:47.581671953 CET51997443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:47.585370064 CET51997443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:47.585448980 CET4435199795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:47.586498976 CET4435199795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:47.587639093 CET51997443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:47.629513979 CET4435199795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:52.569611073 CET4435199795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:52.569782019 CET4435199795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:52.569982052 CET51997443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:52.570060968 CET51997443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:52.570107937 CET4435199795.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:53.560400009 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:53.560513020 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:53.560842991 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:53.560842991 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:53.560992002 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:54.175946951 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:54.176155090 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:54.179816961 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:54.179841995 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:54.180259943 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:54.181770086 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:54.225461960 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:59.168984890 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:59.169135094 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:59.169337988 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:59.169446945 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:59.169472933 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:10:59.169507027 CET51998443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:10:59.169523001 CET4435199895.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:00.183867931 CET51999443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:11:00.183957100 CET4435199995.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:00.184180021 CET51999443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:11:00.184248924 CET51999443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:11:00.184277058 CET4435199995.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:00.808980942 CET4435199995.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:00.809211969 CET51999443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:11:00.812911034 CET51999443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:11:00.812959909 CET4435199995.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:00.813942909 CET4435199995.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:00.815005064 CET51999443192.168.11.2095.182.97.106
                                                                                                                                                            Nov 26, 2024 01:11:00.861521006 CET4435199995.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:05.798155069 CET4435199995.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:05.798197031 CET4435199995.182.97.106192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:11:05.799227953 CET51999443192.168.11.2095.182.97.106
                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Nov 26, 2024 01:09:12.579154968 CET5600553192.168.11.201.1.1.1
                                                                                                                                                            Nov 26, 2024 01:09:12.579155922 CET5388353192.168.11.201.1.1.1
                                                                                                                                                            Nov 26, 2024 01:09:12.579261065 CET6487353192.168.11.201.1.1.1
                                                                                                                                                            Nov 26, 2024 01:09:12.579261065 CET5404453192.168.11.201.1.1.1
                                                                                                                                                            Nov 26, 2024 01:09:12.579261065 CET6422753192.168.11.201.1.1.1
                                                                                                                                                            Nov 26, 2024 01:09:12.580436945 CET4971053192.168.11.201.1.1.1
                                                                                                                                                            Nov 26, 2024 01:09:12.581362963 CET6055853192.168.11.201.1.1.1
                                                                                                                                                            Nov 26, 2024 01:09:12.750983000 CET53540441.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:12.751027107 CET53560051.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:12.911187887 CET53605581.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:12.918569088 CET53538831.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:13.318567991 CET53642271.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:13.498816967 CET53497101.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:13.499739885 CET60559123192.168.11.20194.58.203.20
                                                                                                                                                            Nov 26, 2024 01:09:13.499739885 CET60559123192.168.11.20213.239.239.164
                                                                                                                                                            Nov 26, 2024 01:09:13.499739885 CET60559123192.168.11.2094.198.159.10
                                                                                                                                                            Nov 26, 2024 01:09:13.499739885 CET60559123192.168.11.2062.149.0.30
                                                                                                                                                            Nov 26, 2024 01:09:13.499741077 CET60559123192.168.11.20133.243.238.243
                                                                                                                                                            Nov 26, 2024 01:09:13.499739885 CET60559123192.168.11.20162.159.200.1
                                                                                                                                                            Nov 26, 2024 01:09:13.670864105 CET12360559162.159.200.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:13.781003952 CET12360559133.243.238.243192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:13.820950031 CET1236055994.198.159.10192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:13.828876972 CET12360559213.239.239.164192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:13.850565910 CET1236055962.149.0.30192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:13.854305983 CET12360559194.58.203.20192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:21.487144947 CET592101900192.168.11.20239.255.255.250
                                                                                                                                                            Nov 26, 2024 01:09:21.526983023 CET53644721.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:21.546082973 CET53526551.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:21.682291031 CET53614311.1.1.1192.168.11.20
                                                                                                                                                            Nov 26, 2024 01:09:24.626838923 CET605891900192.168.11.20239.255.255.250
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 26, 2024 01:09:12.579154968 CET | 192.168.11.20 | 1.1.1.1 | 0x8e5a | Standard query (0) | time.cloudflare.com | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.579155922 CET | 192.168.11.20 | 1.1.1.1 | 0x5f44 | Standard query (0) | ntp.time.nl | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.579261065 CET | 192.168.11.20 | 1.1.1.1 | 0xb4b2 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.579261065 CET | 192.168.11.20 | 1.1.1.1 | 0xd7a2 | Standard query (0) | ntp.nict.jp | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.579261065 CET | 192.168.11.20 | 1.1.1.1 | 0x5e8c | Standard query (0) | gbg1.ntp.se | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.580436945 CET | 192.168.11.20 | 1.1.1.1 | 0xe498 | Standard query (0) | ntp.time.in.ua | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.581362963 CET | 192.168.11.20 | 1.1.1.1 | 0x2703 | Standard query (0) | ntp1.hetzner.de | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 26, 2024 01:09:12.750524044 CET | 1.1.1.1 | 192.168.11.20 | 0xb4b2 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.750983000 CET | 1.1.1.1 | 192.168.11.20 | 0xd7a2 | No error (0) | ntp.nict.jp | | 133.243.238.243 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.750983000 CET | 1.1.1.1 | 192.168.11.20 | 0xd7a2 | No error (0) | ntp.nict.jp | | 133.243.238.164 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.750983000 CET | 1.1.1.1 | 192.168.11.20 | 0xd7a2 | No error (0) | ntp.nict.jp | | 61.205.120.130 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.750983000 CET | 1.1.1.1 | 192.168.11.20 | 0xd7a2 | No error (0) | ntp.nict.jp | | 133.243.238.244 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.750983000 CET | 1.1.1.1 | 192.168.11.20 | 0xd7a2 | No error (0) | ntp.nict.jp | | 133.243.238.163 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.751027107 CET | 1.1.1.1 | 192.168.11.20 | 0x8e5a | No error (0) | time.cloudflare.com | | 162.159.200.1 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.751027107 CET | 1.1.1.1 | 192.168.11.20 | 0x8e5a | No error (0) | time.cloudflare.com | | 162.159.200.123 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.911187887 CET | 1.1.1.1 | 192.168.11.20 | 0x2703 | No error (0) | ntp1.hetzner.de | | 213.239.239.164 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.918569088 CET | 1.1.1.1 | 192.168.11.20 | 0x5f44 | No error (0) | ntp.time.nl | | 94.198.159.10 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:12.918569088 CET | 1.1.1.1 | 192.168.11.20 | 0x5f44 | No error (0) | ntp.time.nl | | 94.198.159.14 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:13.318567991 CET | 1.1.1.1 | 192.168.11.20 | 0x5e8c | No error (0) | gbg1.ntp.se | gbg1.ntp.netnod.se | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 26, 2024 01:09:13.318567991 CET | 1.1.1.1 | 192.168.11.20 | 0x5e8c | No error (0) | gbg1.ntp.netnod.se | | 194.58.203.20 | A (IP address) | IN (0x0001) | false |
| Nov 26, 2024 01:09:13.498816967 CET | 1.1.1.1 | 192.168.11.20 | 0xe498 | No error (0) | ntp.time.in.ua | | 62.149.0.30 | A (IP address) | IN (0x0001) | false |


                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:19:08:56
                                                                                                                                                            Start date:25/11/2024
                                                                                                                                                            Path:C:\Users\user\Desktop\download.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\download.exe"
                                                                                                                                                            Imagebase:0x700000
                                                                                                                                                            File size:449'536 bytes
                                                                                                                                                            MD5 hash:42131AD9CD6FF5801461B1071581A091
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000003.144624602568.00000000006D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000003.144630604102.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

Target ID:2
Start time:19:08:58
Start date:25/11/2024
Path:C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\svchost.exe"
Imagebase:0x3d0000
File size:47'016 bytes
MD5 hash:B7C999040D80E5BF87886D70D992C51E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000002.00000002.144718291811.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000002.00000003.144630570589.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Reputation:moderate
Has exited:true

Target ID:3
Start time:19:09:07
Start date:25/11/2024
Path:C:\Windows\System32\fontdrvhost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\fontdrvhost.exe"
Imagebase:0x7ff60db60000
File size:830'520 bytes
MD5 hash:AB7AB4CF816D091EEE234C1D9BC4FD13
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:4
Start time:19:09:17
Start date:25/11/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe"
Imagebase:0x7ff73cff0000
File size:2'742'376 bytes
MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:5
Start time:19:09:18
Start date:25/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe"
Imagebase:0x7ff68e500000
File size:1'656'712 bytes
MD5 hash:E2FC40F6677D44EF89D6C6D15CB4BB4B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:8
Start time:19:09:18
Start date:25/11/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 5152 -s 592
Imagebase:0x7ff711690000
File size:568'632 bytes
MD5 hash:5C06542FED8EE68994D43938E7326D75
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:9
Start time:19:09:18
Start date:25/11/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrDCBF.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/f4698726/75fae57d"
Imagebase:0x7ff73cff0000
File size:2'742'376 bytes
MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:19:09:19
Start date:25/11/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2488,i,6324837096866850942,9732983909897042519,262144 --variations-seed-version --mojo-platform-channel-handle=2612 /prefetch:3
Imagebase:0x7ff73cff0000
File size:2'742'376 bytes
MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:19:09:20
Start date:25/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrE53C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/f4698726/6e5a1ad9"
Imagebase:0x7ff63e740000
File size:3'379'080 bytes
MD5 hash:40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:13
Start time:19:09:22
Start date:25/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15793817240475235178,5851487067123892181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
Imagebase:0x7ff63e740000
File size:3'379'080 bytes
MD5 hash:40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:14
Start time:19:09:23
Start date:25/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --do-not-de-elevate http://127.0.0.1:8000/f4698726/6e5a1ad9
Imagebase:0x7ff63e740000
File size:3'379'080 bytes
MD5 hash:40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:19:09:23
Start date:25/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15667601441087912000,15476632491186070827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 /prefetch:3
Imagebase:0x7ff63e740000
File size:3'379'080 bytes
MD5 hash:40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:19:09:41
Start date:25/11/2024
Path:C:\Program Files\Windows Media Player\wmlaunch.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Windows Media Player\wmlaunch.exe"
Imagebase:0x7ff677830000
File size:96'256 bytes
MD5 hash:C8BCC18E4197CD207596A0AD4CDAACAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:19:09:45
Start date:25/11/2024
Path:C:\Windows\System32\dllhost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\dllhost.exe"
Imagebase:0x7ff6d1b80000
File size:21'312 bytes
MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:48.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:2%
Total number of Nodes:1135
Total number of Limit Nodes:20
8661->8673 8663 731687 29 API calls 8662->8663 8663->8673 8665 736613 8664->8665 8666 736123 14 API calls 8665->8666 8667 73661b 8666->8667 8668 734c3a 29 API calls 8667->8668 8669 736627 8668->8669 8677 736e4c 8669->8677 8672 7317a5 14 API calls 8672->8673 8673->8657 8719 7346ad LeaveCriticalSection 8674->8719 8676 7365c9 8676->8653 8678 736e75 8677->8678 8683 73662e 8677->8683 8679 736ec4 8678->8679 8681 736e9c 8678->8681 8680 731687 29 API calls 8679->8680 8680->8683 8684 736dbb 8681->8684 8683->8672 8683->8673 8685 736dc7 8684->8685 8692 732f58 EnterCriticalSection 8685->8692 8687 736dd5 8688 736e06 8687->8688 8693 736eef 8687->8693 8706 736e40 8688->8706 8692->8687 8694 73302f 29 API calls 8693->8694 8697 736eff 8694->8697 8695 736f05 8709 732f9e 8695->8709 8697->8695 8698 736f37 8697->8698 8700 73302f 29 API calls 8697->8700 8698->8695 8699 73302f 29 API calls 8698->8699 8701 736f43 CloseHandle 8699->8701 8702 736f2e 8700->8702 8701->8695 8703 736f4f GetLastError 8701->8703 8704 73302f 29 API calls 8702->8704 8703->8695 8704->8698 8705 736f5d 8705->8688 8718 732f7b LeaveCriticalSection 8706->8718 8708 736e29 8708->8683 8710 733014 8709->8710 8711 732fad 8709->8711 8712 730b8f 14 API calls 8710->8712 8711->8710 8715 732fd7 8711->8715 8713 733019 8712->8713 8714 730b7c 14 API calls 8713->8714 8716 733004 8714->8716 8715->8716 8717 732ffe SetStdHandle 8715->8717 8716->8705 8717->8716 8718->8708 8719->8676 8720->8647 8464 732727 8465 732730 8464->8465 8466 732762 8464->8466 8467 7311f3 68 API calls 8465->8467 8468 732753 8467->8468 8469 732532 77 API calls 8468->8469 8469->8466 8837 733215 8838 733221 8837->8838 8849 732d5f EnterCriticalSection 8838->8849 8840 733228 8850 732eba 8840->8850 8848 733246 8874 73326c 8848->8874 8849->8840 8851 732ec6 8850->8851 8852 732ef0 8851->8852 8853 732ecf 8851->8853 8877 732d5f EnterCriticalSection 8852->8877 8854 730b8f 14 API calls 8853->8854 8856 732ed4 8854->8856 8857 731704 29 API calls 8856->8857 8858 732ede 8857->8858 
8858->8848 8863 7330af GetStartupInfoW 8858->8863 8859 732f28 8885 732f4f 8859->8885 8860 732efc 8860->8859 8878 732e0a 8860->8878 8864 733160 8863->8864 8865 7330cc 8863->8865 8869 733165 8864->8869 8865->8864 8866 732eba 30 API calls 8865->8866 8867 7330f4 8866->8867 8867->8864 8868 733124 GetFileType 8867->8868 8868->8867 8870 73316c 8869->8870 8871 7331af GetStdHandle 8870->8871 8872 733211 8870->8872 8873 7331c2 GetFileType 8870->8873 8871->8870 8872->8848 8873->8870 8894 732da7 LeaveCriticalSection 8874->8894 8876 733257 8877->8860 8879 731748 14 API calls 8878->8879 8881 732e1c 8879->8881 8880 732e29 8882 7317a5 14 API calls 8880->8882 8881->8880 8888 733cf6 8881->8888 8884 732e7e 8882->8884 8884->8860 8893 732da7 LeaveCriticalSection 8885->8893 8887 732f56 8887->8858 8889 733b13 5 API calls 8888->8889 8890 733d12 8889->8890 8891 733d30 InitializeCriticalSectionAndSpinCount 8890->8891 8892 733d1b 8890->8892 8891->8892 8892->8881 8893->8887 8894->8876 8456 72bc80 CreateEventW 8457 72bc93 WaitForSingleObject 8456->8457 8458 72bcce 8456->8458 8459 72bcac 8457->8459 8460 72bcb3 8459->8460 8461 72bcc6 CloseHandle 8459->8461 8462 72bfeb HeapAlloc 8460->8462 8461->8458 8463 72bcc3 8462->8463 8463->8461 8922 739000 8923 739009 8922->8923 8924 7392cc 7 API calls 8923->8924 8925 739042 8924->8925 8470 73900c 8471 738fa9 8470->8471 8471->8470 8474 7392cc 8471->8474 8473 739042 8486 739277 GetPEB 8474->8486 8476 7392e5 8477 739309 VirtualAlloc 8476->8477 8482 7393fa 8476->8482 8478 739321 8477->8478 8477->8482 8488 739098 VirtualAlloc 8478->8488 8481 7393eb VirtualFree 8481->8482 8482->8473 8483 739359 VirtualAlloc 8483->8481 8484 739370 8483->8484 8485 7393ae VirtualProtect 8484->8485 8485->8481 8487 739295 8486->8487 8487->8476 8489 739270 8488->8489 8491 7390d0 VirtualFree 8488->8491 8489->8481 8489->8483 8491->8489

Control-flow Graph

control_flow_graph 21 72befa-72bf67 GetProcessHeap HeapAlloc 22 72bfd6-72bfe2 21->22 23 72bf69-72bf82 call 72bfeb 21->23 24 72bfb3-72bfc2 22->24 25 72bfe4-72bfe8 22->25 30 72bfa4-72bfac 23->30 27 72bfd0 24->27 28 72bfc4-72bfce VirtualFree 24->28 31 72bfd1-72bfd4 HeapFree 27->31 28->27 32 72bf84-72bf93 30->32 33 72bfae-72bfb1 30->33 31->22 34 72bf95-72bf9b 32->34 35 72bf9e-72bfa2 HeapFree 32->35 33->31 34->35 35->30
APIs
• GetProcessHeap.KERNEL32 ref: 0072BF03
• HeapAlloc.KERNEL32(00000000,00000008,00040000), ref: 0072BF56
  • Part of subcall function 0072BFEB: HeapAlloc.KERNEL32(?,00000008,00000010,?,0072BF7F,?,0072BC80,00000000), ref: 0072BFF6
• HeapFree.KERNEL32(00000000,00000000,?), ref: 0072BFA2
• VirtualFree.KERNELBASE(00000100,00000000,00008000), ref: 0072BFCE
• HeapFree.KERNEL32(00000000,00000000,0077B188), ref: 0072BFD4
Strings
• @UZ9KrMCHCOQ4kwXimLXy4kkN0rlcSH-fXDB7GhzKXzy1PIccDrbnizyn|l7XdzoWY8t0rgscHoSSTgc1A1lPbIrSnKX0boO1tTFDAhM6ymSbOKYJnKJdmYE7QCLhzhk5tawwznpabUDCWGVI7Zw26LGwbNWhJag32yCcCO80GNHhhIH8RzY9US|TC5yy4gbMgXUL5Pa938gCzzs1S4|C13xQ8SFs2CgwdW2e1XDW1v1oBUsCSurEwiYszZyGuQUKPhn, xrefs: 0072BF36
Memory Dump Source
• Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
• Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_700000_download.jbxd
Similarity
• API ID: Heap$Free$Alloc$ProcessVirtual
• String ID: @UZ9KrMCHCOQ4kwXimLXy4kkN0rlcSH-fXDB7GhzKXzy1PIccDrbnizyn|l7XdzoWY8t0rgscHoSSTgc1A1lPbIrSnKX0boO1tTFDAhM6ymSbOKYJnKJdmYE7QCLhzhk5tawwznpabUDCWGVI7Zw26LGwbNWhJag32yCcCO80GNHhhIH8RzY9US|TC5yy4gbMgXUL5Pa938gCzzs1S4|C13xQ8SFs2CgwdW2e1XDW1v1oBUsCSurEwiYszZyGuQUKPhn
• API String ID: 3808331028-2215798367
• Opcode ID: d2212b29d0023eabac9cbf25bac89a9623423b0c5628133953a0cefbc4785afc
• Instruction ID: 558316503d04a29c616be8a5d9e03bf320067bff8ccda41f473bf06b296ba146
• Opcode Fuzzy Hash: d2212b29d0023eabac9cbf25bac89a9623423b0c5628133953a0cefbc4785afc
• Instruction Fuzzy Hash: 09314871E00219AFCB10CFA9ED84BAEBBF4FF09350F10802AE559A7250D739A945CF94

Control-flow Graph

control_flow_graph 0 733a48-733a54 1 733ae6-733ae9 0->1 2 733a59-733a6a 1->2 3 733aef 1->3 5 733a77-733a90 LoadLibraryExW 2->5 6 733a6c-733a6f 2->6 4 733af1-733af5 3->4 9 733a92-733a9b GetLastError 5->9 10 733af6-733b06 5->10 7 733a75 6->7 8 733b0f-733b11 6->8 12 733ae3 7->12 8->4 13 733ad4-733ae1 9->13 14 733a9d-733aaf call 730ab8 9->14 10->8 11 733b08-733b09 FreeLibrary 10->11 11->8 12->1 13->12 14->13 17 733ab1-733ac3 call 730ab8 14->17 17->13 20 733ac5-733ad2 LoadLibraryExW 17->20 20->10 20->13
APIs
• FreeLibrary.KERNEL32(00000000,?,00733B57,007343DB,?,00000000,00000000,00000000,?,00733CD0,00000022,FlsSetValue,00774078,00774080,00000000), ref: 00733B09
Strings
Memory Dump Source
• Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
• Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_700000_download.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Opcode ID: 80ed8a76455529e819e7239c5ed9b97e6f277ed20f667992309455dbe59d71af
• Instruction ID: 1138a1b74174c42e67ba809149aa8df68b0bae42e11886582071846b06752474
• Opcode Fuzzy Hash: 80ed8a76455529e819e7239c5ed9b97e6f277ed20f667992309455dbe59d71af
• Instruction Fuzzy Hash: DB210A72B01211ABEB319B24EC45A6BB768DB417A0F15C221F946A7292DB7CEF00C7D0
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00739314
  • Part of subcall function 00739098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007390C1
  • Part of subcall function 00739098: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0073926D
• VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00739366
• VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007393C0
• VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 007393F3
Strings
Memory Dump Source
• Source File: 00000000.00000003.144624891225.0000000000739000.00000040.00000001.01000000.00000003.sdmp, Offset: 00739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_739000_download.jbxd
Similarity
• API ID: Virtual$Alloc$Free$Protect
• String ID: ,
• API String ID: 1004437363-3772416878
• Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
• Instruction ID: 7e4707b4a9c4ce8b0c39efedc24524179f48eddbeb0d629f966f089d7b53048b
• Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
• Instruction Fuzzy Hash: B2510CB590060AEFDB10DFA9C885A9EBBF4FF08344F10851AFA59A7241D374E951CB94

Control-flow Graph

APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00739314
  • Part of subcall function 00739098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007390C1
  • Part of subcall function 00739098: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0073926D
• VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00739366
• VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007393C0
• VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 007393F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
• Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_700000_download.jbxd
Similarity
• API ID: Virtual$Alloc$Free$Protect
• String ID: ,
• API String ID: 1004437363-3772416878
• Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
• Instruction ID: 7e4707b4a9c4ce8b0c39efedc24524179f48eddbeb0d629f966f089d7b53048b
• Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
• Instruction Fuzzy Hash: B2510CB590060AEFDB10DFA9C885A9EBBF4FF08344F10851AFA59A7241D374E951CB94

                                                                                                                                                              APIs
                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0072BC87
                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0072BC9A
                                                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 0072BCC7
                                                                                                                                                                • Part of subcall function 0072BFEB: HeapAlloc.KERNEL32(?,00000008,00000010,?,0072BF7F,?,0072BC80,00000000), ref: 0072BFF6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocCloseCreateEventHandleHeapObjectSingleWait
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 783827187-0

                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000002,?,0072FFCB,00730877,00730877,?,00000002,030027E4,00730877,00000002), ref: 0072FFE5
                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,0072FFCB,00730877,00730877,?,00000002,030027E4,00730877,00000002), ref: 0072FFEC
                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0072FFFE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1703294689-0

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007322B9: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 007322E4
                                                                                                                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,007325C9,?,00000000,?,00000000,?), ref: 007327E3
                                                                                                                                                              • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,007325C9,?,00000000,?,00000000,?), ref: 0073281F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CodeInfoPageValid
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 546120528-0

                                                                                                                                                              APIs
                                                                                                                                                              • LCMapStringEx.KERNELBASE(?,00730C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00733D75
                                                                                                                                                              • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,00730C92,?,?,-00000008,?,00000000), ref: 00733D93
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2568140703-0
                                                                                                                                                              APIs
                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007390C1
                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0073926D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000003.144624891225.0000000000739000.00000040.00000001.01000000.00000003.sdmp, Offset: 00739000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_3_739000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2087232378-0

                                                                                                                                                              APIs
                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007390C1
                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0073926D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2087232378-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 168 73238d-7323af 169 7324c1-7324e7 168->169 170 7323b5-7323c7 GetCPInfo 168->170 172 7324ec-7324f1 169->172 170->169 171 7323cd-7323d4 170->171 173 7323d6-7323e0 171->173 174 7324f3-7324f9 172->174 175 7324fb-732501 172->175 173->173 178 7323e2-7323f5 173->178 179 732509-73250b 174->179 176 732503-732506 175->176 177 73250d 175->177 176->179 180 73250f-732521 177->180 181 732416-732418 178->181 179->180 180->172 182 732523-732531 call 72cfb5 180->182 183 7323f7-7323fe 181->183 184 73241a-732451 call 73355f call 730d91 181->184 186 73240d-73240f 183->186 194 732456-732484 call 730d91 184->194 190 732411-732414 186->190 191 732400-732402 186->191 190->181 191->190 193 732404-73240c 191->193 193->186 197 732486-732491 194->197 198 732493-73249d 197->198 199 73249f-7324a2 197->199 200 7324b2-7324bd 198->200 201 7324b0 199->201 202 7324a4-7324ae 199->202 200->197 203 7324bf 200->203 201->200 202->200 203->182
                                                                                                                                                              APIs
                                                                                                                                                              • GetCPInfo.KERNEL32(FFFFF9B5,?,00000005,007325C9,?), ref: 007323BF
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Info
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1807457897-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 204 733b13-733b3d 205 733b43-733b45 204->205 206 733b3f-733b41 204->206 208 733b47-733b49 205->208 209 733b4b-733b52 call 733a48 205->209 207 733b94-733b97 206->207 208->207 211 733b57-733b5b 209->211 212 733b7a-733b91 211->212 213 733b5d-733b6b GetProcAddress 211->213 214 733b93 212->214 213->212 215 733b6d-733b78 call 72f7a6 213->215 214->207 215->214
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              APIs
                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0072CB3E
                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0072CC0A
                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0072CC2A
                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 0072CC34
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 254469556-0
                                                                                                                                                              APIs
                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0072CA2B
                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0072CA3A
                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 0072CA43
                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0072CA50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                              APIs
                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,0072D0E3,0077220C), ref: 0072CFC8
                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(0072D0E3,?,0072D0E3,0077220C), ref: 0072CFD1
                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409,?,0072D0E3,0077220C), ref: 0072CFDC
                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,0072D0E3,0077220C), ref: 0072CFE3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3231755760-0
                                                                                                                                                              APIs
                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00731600
                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0073160A
                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00731617
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                                              APIs
                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007381CD,?,?,00000008,?,?,00737DCF,00000000), ref: 007383FF
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                              APIs
                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0072CDEB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FeaturePresentProcessor
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2325560087-0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              APIs
                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0002CCD1,0072C635), ref: 0072CCCA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000003.144624891225.0000000000739000.00000040.00000001.01000000.00000003.sdmp, Offset: 00739000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_3_739000_download.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,030027E4,?,?,00000000,00738ADF,000000FF,?,0072FFFA,00000002,?,0072FFCB,00730877), ref: 00730053
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00730065
                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,00738ADF,000000FF,?,0072FFFA,00000002,?,0072FFCB,00730877), ref: 00730087
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0072E064,00000000,?,0077B528,?,?,?,0072E207,00000004,InitializeCriticalSectionEx,00772CC0,InitializeCriticalSectionEx), ref: 0072E0C0
                                                                                                                                                              • GetLastError.KERNEL32(?,0072E064,00000000,?,0077B528,?,?,?,0072E207,00000004,InitializeCriticalSectionEx,00772CC0,InitializeCriticalSectionEx,00000000,?,0072DF87), ref: 0072E0CA
                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0072E0F2
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                              • API String ID: 3177248105-2084034818
                                                                                                                                                              APIs
                                                                                                                                                              • GetConsoleOutputCP.KERNEL32(030027E4,00000000,00000000,?), ref: 0073560C
                                                                                                                                                                • Part of subcall function 00732BDB: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00730D4D,?,00000000,-00000008), ref: 00732C3C
                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0073585E
                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 007358A4
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00735947
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                                              APIs
                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00732C86
                                                                                                                                                                • Part of subcall function 00732BDB: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00730D4D,?,00000000,-00000008), ref: 00732C3C
                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00732CBE
                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00732CDE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 158306478-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 007355A9: GetConsoleOutputCP.KERNEL32(030027E4,00000000,00000000,?), ref: 0073560C
                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00734548,?), ref: 00735FE1
                                                                                                                                                              • GetLastError.KERNEL32(?,?,00734548,?,007343DB,00000000,?,00000000,007343DB,?,?,?,00777898,0000002C,0073444C,?), ref: 00735FEB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                              • String ID: HEs
                                                                                                                                                              • API String ID: 2915228174-3318390444
                                                                                                                                                              APIs
                                                                                                                                                              • EncodePointer.KERNEL32(00000000,?), ref: 0072EC0B
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                              • API String ID: 2118026453-2084237596
                                                                                                                                                              • Opcode ID: a3ddee05ee860a2dca6db61dc769d96097927c5dbc86a24341c97b90b4c08178
                                                                                                                                                              • Instruction ID: 4e093c7cd2348cbc59629c8ea41318675e28e4307769f7d62c361778c5832b57
                                                                                                                                                              • Opcode Fuzzy Hash: a3ddee05ee860a2dca6db61dc769d96097927c5dbc86a24341c97b90b4c08178
                                                                                                                                                              • Instruction Fuzzy Hash: 36417B71A00219EFCF15DF94DD81AEEBBB5FF48300F154059F904A7222D3399990DB60
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 0072C033: HeapAlloc.KERNEL32(?,00000008,00000001,?,00000000), ref: 0072C069
                                                                                                                                                                • Part of subcall function 0072C033: HeapFree.KERNEL32(?,00000000,00000000,?,00000000), ref: 0072C1E4
                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0072BD27
                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,00000015), ref: 0072BDCE
                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0072BE13
                                                                                                                                                                • Part of subcall function 0072BFEB: HeapAlloc.KERNEL32(?,00000008,00000010,?,0072BF7F,?,0072BC80,00000000), ref: 0072BFF6
                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0072BE54
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.144632175223.0000000000701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.144632111354.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632265653.0000000000739000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632322704.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632419387.0000000000778000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632469949.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_700000_download.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$Alloc$Free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1549400367-0
                                                                                                                                                              • Opcode ID: 1893b7838785b4694eca53d975a2b5f5230e0b156cfd413b09ace857a8a93079
                                                                                                                                                              • Instruction ID: 5969f33633aa40b8856e7d1d47e68c8731394bb17b145c5efb29e22e0cc4d234
                                                                                                                                                              • Opcode Fuzzy Hash: 1893b7838785b4694eca53d975a2b5f5230e0b156cfd413b09ace857a8a93079
                                                                                                                                                              • Instruction Fuzzy Hash: 6B41BEB5800305EFD7209F64EC85FABB7E8EF54704F04881CFA8992252EB79E914CB51
                                                                                                                                                              APIs
                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02C70326
                                                                                                                                                                • Part of subcall function 02C700A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02C700CD
                                                                                                                                                                • Part of subcall function 02C700A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02C70279
                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02C70378
                                                                                                                                                              • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 02C703E7
                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02C70407
                                                                                                                                                              • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 02C7042E
                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02C70456
                                                                                                                                                              • CloseHandle.KERNELBASE(?), ref: 02C70471
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000003.144630742658.0000000002C70000.00000040.00000001.00020000.00000000.sdmp, Offset: 02C70000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_3_2c70000_svchost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                                              • String ID: ,
                                                                                                                                                              • API String ID: 3867569247-3772416878
                                                                                                                                                              • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                              • Instruction ID: bb7987fdc8f3d92f004a2705a7aaae2d67a3183e18da441556613587276cf98b
                                                                                                                                                              • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                              • Instruction Fuzzy Hash: 07610DB5900209EFDB20DFA5C885ADEBBB9FF48354F14852AE959E7240D770EA41CF60
                                                                                                                                                              APIs
                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02C700CD
                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02C70279
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000003.144630742658.0000000002C70000.00000040.00000001.00020000.00000000.sdmp, Offset: 02C70000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_3_2c70000_svchost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2087232378-0
                                                                                                                                                              • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                              • Instruction ID: e4ba3311059feaed43d6c7b1f2dc436ef6981f1666fcb7ffb7358587eb4828b9
                                                                                                                                                              • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                              • Instruction Fuzzy Hash: DC718972A0424ADFDB41DF98C981BEDBBF0AB19315F284095E465FB251C334AA91CF64

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:34.6%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                              Signature Coverage:71.4%
                                                                                                                                                              Total number of Nodes:28
                                                                                                                                                              Total number of Limit Nodes:0
                                                                                                                                                              execution_graph 415 2df102c19b4 416 2df102c19c7 415->416 417 2df102c19fb 416->417 418 2df102c19e6 VirtualFree 416->418 418->417 419 2df102c1cf4 421 2df102c1d19 419->421 420 2df102c1fa1 421->420 430 2df102c15c0 421->430 423 2df102c1f98 CloseHandle 423->420 424 2df102c1f88 NtAcceptConnectPort 424->423 425 2df102c1e3a 425->423 425->424 427 2df102c1ecd 425->427 433 2df102c0ac8 425->433 427->427 439 2df102c1aa4 NtAcceptConnectPort 427->439 431 2df102c15f4 NtAcceptConnectPort 430->431 431->425 434 2df102c0c62 433->434 435 2df102c0ae8 433->435 434->427 435->434 436 2df102c0be8 NtAcceptConnectPort 435->436 436->434 437 2df102c0c1b 436->437 437->434 438 2df102c0c33 NtAcceptConnectPort 437->438 438->434 440 2df102c1af7 439->440 441 2df102c1c04 439->441 445 2df102c1870 440->445 441->424 443 2df102c1b10 444 2df102c1bb6 NtAcceptConnectPort 443->444 444->441 447 2df102c1889 445->447 446 2df102c1949 446->443 447->446 448 2df102c1930 GetProcessMitigationPolicy 447->448 448->446

                                                                                                                                                              Callgraph

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort$DuplicateHandlecalloc
                                                                                                                                                              • String ID: ,$,$H$H
                                                                                                                                                              • API String ID: 2577638757-3578512806
                                                                                                                                                              • Opcode ID: f51fed4865afaad503184b440fc1afc15801c4b5405f92c057e5263222fb1777
                                                                                                                                                              • Instruction ID: 9c2cee58516d6bdca65535f32aee370266a3df2c901f911af7192f1db56b5f79
                                                                                                                                                              • Opcode Fuzzy Hash: f51fed4865afaad503184b440fc1afc15801c4b5405f92c057e5263222fb1777
                                                                                                                                                              • Instruction Fuzzy Hash: AF026C3461CFC48BD764EF18D885A6AB7E1FF98311F50093EE58ED3691DA74A8418B83
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$AcceptConnectCreateDuplicateHandleMappingPortView
                                                                                                                                                              • String ID: ,$@$@
                                                                                                                                                              • API String ID: 349504279-451747975
                                                                                                                                                              • Opcode ID: 400244f6a1c316385d1b7a335ce243913ee6848e6d851e1ceedb9966fa978c65
                                                                                                                                                              • Instruction ID: ce1abbc832b3190571315d25b5eec5cd6481ec66a2c0d7734089ed328d06a112
                                                                                                                                                              • Opcode Fuzzy Hash: 400244f6a1c316385d1b7a335ce243913ee6848e6d851e1ceedb9966fa978c65
                                                                                                                                                              • Instruction Fuzzy Hash: 4DB16034A1CB898FD754EF58C885A6AB7E1FF98311F10493EE48BD3650DB74E8458B82
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPathPort$NameName_free
                                                                                                                                                              • String ID: $0$@
                                                                                                                                                              • API String ID: 1495449958-2347541974
                                                                                                                                                              • Opcode ID: 7e3e721e1c4b2683554ee06ddef218b08da8fbfcd05e856294c1ba03b53df699
                                                                                                                                                              • Instruction ID: d9f9ff8feb6fdf2b5b86de5f2f54f7befa1a6728a46191fca4ec360d4bd6d97b
                                                                                                                                                              • Opcode Fuzzy Hash: 7e3e721e1c4b2683554ee06ddef218b08da8fbfcd05e856294c1ba03b53df699
                                                                                                                                                              • Instruction Fuzzy Hash: 99516F3452CB888FD764DF189486BAAB7E0FF99314F10452EE48EC7251DB78E4858B83
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFind$DirectoryFirstNextRemove
                                                                                                                                                              • String ID: \
                                                                                                                                                              • API String ID: 2722548352-2967466578
                                                                                                                                                              • Opcode ID: 9b58f2d058bf45501d458c2d2bdbaaa6ae8fdaf4e355c20d650771e84fa243e6
                                                                                                                                                              • Instruction ID: 88714468f654b18f1bdc71184c896e29c5fe839f1f128d353684ea4fd14be314
                                                                                                                                                              • Opcode Fuzzy Hash: 9b58f2d058bf45501d458c2d2bdbaaa6ae8fdaf4e355c20d650771e84fa243e6
                                                                                                                                                              • Instruction Fuzzy Hash: 1C418C35218A888FEB45EF28DCC8AEA37A5FF94301F14067AD40BDB165DB389844CB81
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.144753096290.000002DF10270000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF10270000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_2df10270000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort$FreeHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2519882481-0
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                              • String ID: :$A$\$\
                                                                                                                                                              • API String ID: 3061335427-2970747007
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID: $0$@
                                                                                                                                                              • API String ID: 1658770261-2347541974
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3114477661-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2502124517-0
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 0
                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 0
                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free$callocmalloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1437353635-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandleSuspendThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1038686644-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF102C0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_2df102c0000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptCloseConnectHandlePort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3811980168-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF102C0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_2df102c0000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: listenmallocsocket
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1493613933-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF102C0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_2df102c0000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2923266908-0
                                                                                                                                                              APIs
                                                                                                                                                              • socket.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF40F7A9919), ref: 00007DF40F7A9825
                                                                                                                                                                • Part of subcall function 00007DF40F7A9408: ioctlsocket.WS2_32 ref: 00007DF40F7A9434
                                                                                                                                                              • bind.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF40F7A9919), ref: 00007DF40F7A98AA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: bindioctlsocketsocket
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3555158474-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: socket
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 98920635-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Recv
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4192927123-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CryptDataUnprotect
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 834300711-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 118 2df102c15c0-2df102c15f2 119 2df102c15f9-2df102c15fb 118->119 120 2df102c15f4-2df102c15f7 118->120 122 2df102c160b-2df102c160d 119->122 123 2df102c15fd-2df102c1609 119->123 121 2df102c161f-2df102c166d NtAcceptConnectPort 120->121 124 2df102c161d 122->124 125 2df102c160f-2df102c161b 122->125 123->121 124->121 125->121
                                                                                                                                                              APIs
                                                                                                                                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000002DF102C1E3A), ref: 000002DF102C1654
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF102C0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_2df102c0000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              • GetSystemInfo.KERNELBASE(?,00007DF40F7EEEAF,?,?,?,?,00000000,00000000), ref: 00007DF40F7DD609
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InfoSystem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 31276548-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF40F77C10B), ref: 00007DF40F77E174
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                              • String ID: rE\
                                                                                                                                                              • API String ID: 544645111-988334199
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Completion$CreateFileModesNotificationPortioctlsocketsetsockopt
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1500236412-0
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 544645111-3916222277
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc$free
                                                                                                                                                              • String ID: x
                                                                                                                                                              • API String ID: 1480856625-2363233923
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Completion$CreateFileModesNotificationPortioctlsocket
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1455841399-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateReadcalloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3514542566-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeUninitializefree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1169324116-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc$free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1480856625-0
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.144753096290.000002DF10270000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF10270000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_2df10270000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                              • String ID: x
                                                                                                                                                              • API String ID: 3298025750-2363233923
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile$AcceptConnectMappingPortcalloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2835849967-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3388366904-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocInfoSystemVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3440192736-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$CodeCreateExit
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2286949077-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3388366904-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3388366904-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007DF40F77E164: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF40F77C10B), ref: 00007DF40F77E174
                                                                                                                                                              • malloc.MSVCRT ref: 00007DF40F76DB18
                                                                                                                                                              • free.MSVCRT ref: 00007DF40F76DB9F
                                                                                                                                                                • Part of subcall function 00007DF40F777800: malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF40F7973CA), ref: 00007DF40F77781F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc$AcceptConnectPortfree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 342249184-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Path$AcceptConnectNameName_Portcallocfree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3949126726-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: calloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFileMapping
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 524692379-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: calloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Recv
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4192927123-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: socket
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 98920635-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Open
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 71445658-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Send
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 121738739-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InformationVolume
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2039140958-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FromRecv
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2978609661-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 963392458-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Send
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 121738739-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007DF40F766E54: VirtualProtect.KERNELBASE ref: 00007DF40F766EB4
                                                                                                                                                                • Part of subcall function 00007DF40F766E54: VirtualProtect.KERNELBASE ref: 00007DF40F766EDD
                                                                                                                                                                • Part of subcall function 00007DF40F766E54: VirtualProtect.KERNELBASE ref: 00007DF40F766EF9
                                                                                                                                                                • Part of subcall function 00007DF40F766E54: VirtualProtect.KERNELBASE ref: 00007DF40F766F24
                                                                                                                                                              • TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF40F7637B8), ref: 00007DF40F7685C5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ProtectVirtual$Free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3841229516-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: setsockopt
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3981526788-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFunctionModeTable
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 928017140-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: setsockopt
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3981526788-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 95 2df102c1870-2df102c18a0 call 2df102c08a4 * 2 100 2df102c1954-2df102c195b 95->100 101 2df102c18a6-2df102c18a9 95->101 101->100 102 2df102c18af-2df102c18b9 101->102 102->100 103 2df102c18bf-2df102c18c4 102->103 103->100 104 2df102c18ca-2df102c18d7 103->104 104->100 105 2df102c18d9-2df102c18e1 104->105 105->100 106 2df102c18e3-2df102c18ee 105->106 106->100 107 2df102c18f0-2df102c18f7 106->107 107->100 108 2df102c18f9-2df102c18fc 107->108 108->100 109 2df102c18fe-2df102c1906 108->109 109->100 110 2df102c1908-2df102c190b 109->110 110->100 111 2df102c190d-2df102c1916 110->111 111->100 112 2df102c1918-2df102c191c 111->112 112->100 113 2df102c191e-2df102c192e 112->113 113->100 115 2df102c1930-2df102c1947 GetProcessMitigationPolicy 113->115 115->100 116 2df102c1949-2df102c194e 115->116 116->100 117 2df102c1950-2df102c1951 116->117 117->100
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF102C0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_2df102c0000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MitigationPolicyProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1088084561-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: getaddrinfo
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: realloc
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: closesocket
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DestroyHeap
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressCallerProc
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: setsockopt
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FunctionTable
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: calloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: calloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                              APIs
                                                                                                                                                              • malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF40F7973CA), ref: 00007DF40F77781F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: lstrcmpi
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1586166983-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: calloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              • malloc.MSVCRT(?,?,?,?,-00000001,?,-00000001,00007DF40F756946), ref: 00007DF40F7568FD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
[Control-flow graph for this function; the only API call on the graph is VirtualFree.]
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF102C0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_2df102c0000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002DF102C0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_2df102c0000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000003.145159243316.00007DF40F751000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF40F751000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_3_7df40f751000_fontdrvhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:0.2%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                              Total number of Nodes:32
                                                                                                                                                              Total number of Limit Nodes:1

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 34 1e604f2e11c-1e604f2e12a 35 1e604f2e12c-1e604f2e13f NtAcceptConnectPort 34->35 36 1e604f2e141 34->36 37 1e604f2e146-1e604f2e14a 35->37 36->37
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001E604F00000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_1e604f00000_chrome.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: 804065b6c4463c2ae8b8642120146980248ff15488b6d4bc1e3601a5cb839453
                                                                                                                                                              • Instruction ID: d9a16f767f81d539b4af767fab1b4b7b964b34615756d7ecbd1120a2f5502a70
                                                                                                                                                              • Opcode Fuzzy Hash: 804065b6c4463c2ae8b8642120146980248ff15488b6d4bc1e3601a5cb839453
                                                                                                                                                              • Instruction Fuzzy Hash: 55D05B34B187C58FD720EB28CA4064D7BE1F7D9358FA44618FC8893310E638D8458782

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 38 1e604f2e354-1e604f2e362 39 1e604f2e368 38->39 40 1e604f2e364-1e604f2e366 NtAcceptConnectPort 38->40 41 1e604f2e36d-1e604f2e371 39->41 40->41
                                                                                                                                                              APIs
                                                                                                                                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,000001E604F31D57), ref: 000001E604F2E364
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001E604F00000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_1e604f00000_chrome.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: 5c5cf6d01ec3829f585ded8135c4663d13cf2ee24846b8658a886151464e4c5c
                                                                                                                                                              • Instruction ID: 9067eed744c0877b2523894a819dd39cbf5592cdb22bfc2da8ed63559b32cfdb
                                                                                                                                                              • Opcode Fuzzy Hash: 5c5cf6d01ec3829f585ded8135c4663d13cf2ee24846b8658a886151464e4c5c
                                                                                                                                                              • Instruction Fuzzy Hash: F9C08C30A1488A5AF924727E8F8038D25D0B3DE382FD40000A808C2280E80CCCC08397

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001E604F00000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_1e604f00000_chrome.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Initialize
                                                                                                                                                              • String ID: lx
                                                                                                                                                              • API String ID: 2538663250-3595554650
                                                                                                                                                              • Opcode ID: d0875c7319b58bf14fe9f9934fecfbeb044e466c9831b0b5c3bc7ad31a075fd8
                                                                                                                                                              • Instruction ID: 1fd77c48cc9ea42fe0cc2c02b805ecf7360a9256adaf5526cfbef057699cbbe1
                                                                                                                                                              • Opcode Fuzzy Hash: d0875c7319b58bf14fe9f9934fecfbeb044e466c9831b0b5c3bc7ad31a075fd8
                                                                                                                                                              • Instruction Fuzzy Hash: FD31B330618A588FE764EB28D58CBAE77E1FBD5352F405629F84AC3291DF74C881CB51

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001E604F00000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_1e604f00000_chrome.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressCallerProc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2663294120-0
                                                                                                                                                              • Opcode ID: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                                              • Instruction ID: 5cd6de79cc881699b1655a8624a1074d166d1733bd9050a7b118a242e098e813
                                                                                                                                                              • Opcode Fuzzy Hash: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                                              • Instruction Fuzzy Hash: 1AE0C221B08C1D1BAB7861AE648C6BA55C6C7EC273744027BFC1CC3299ED14CC820381

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001E604F00000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_1e604f00000_chrome.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                              • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                              • Instruction ID: ea5b71a47c2fb3c6c32465db8e3f2da3e768d478417f6109195d151ef49b0ece
                                                                                                                                                              • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                              • Instruction Fuzzy Hash: 3FD0A730320D0E0BEA58677D5C9476951C5E7EC362F90113ABC09C2281ED54CC550300

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:5.1%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:5.4%
                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                              Total number of Nodes:259
                                                                                                                                                              Total number of Limit Nodes:21
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000003.145099473822.00007DF4C6851000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6851000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_3_7df4c6851000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                                                                                                                                              • String ID: H$H
                                                                                                                                                              • API String ID: 874015164-136785262
                                                                                                                                                              • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                              • Instruction ID: 4308f934901db6a4cf5f13b3144b0e2c786b4749e05c86e7306c7dbcec975ad4
                                                                                                                                                              • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                              • Instruction Fuzzy Hash: 34B1947060CB888FE754DF18D885A9AB7E5FBD5310F004A2EE5CEC3251DB35E9458B86

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentFormatPathUsercalloc
                                                                                                                                                              • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                                                              • API String ID: 4207655178-84560671
                                                                                                                                                              • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                              • Instruction ID: ecc94fb75d0aa2298649e63448aa3b1c61edcef99df3b98cf9f02cb68f5edebe
                                                                                                                                                              • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                              • Instruction Fuzzy Hash: FCA25BB0518B888FE375DF1898857EAB7E4FB99701F504A2FE48AC3351DB7095818B87
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000003.145099473822.00007DF4C6851000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6851000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_3_7df4c6851000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumecallocfree
                                                                                                                                                              • String ID: -
                                                                                                                                                              • API String ID: 167522227-2547889144
                                                                                                                                                              • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                              • Instruction ID: bbf3577b5dc54bb70175c76578fbe23e006f585a561c0e6c31d908821b168b78
                                                                                                                                                              • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                              • Instruction Fuzzy Hash: F191A13060DA894BFB54EF64D8956ABB3E2FF94311F40952AD58FC3191DF78E8008792

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2502124517-0
                                                                                                                                                              • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                              • Instruction ID: 3661fa9b8e1427d6f468fa9970f3e8a55cdafb338385c0b9f5f1ee715e16d324
                                                                                                                                                              • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                              • Instruction Fuzzy Hash: 10318030208A088FE795EF28D8D879A77E5FF98310F50462AE45BC22D5DF34C985CB82

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 0
                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                              • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                              • Instruction ID: 23cc29c66a5e5d19fe9c04bb8724b576b0d4319f94f421b2e416f1c8da202ad2
                                                                                                                                                              • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                              • Instruction Fuzzy Hash: 6E219370704D889FF7649E9DA88876A77E1FBA9301F90453FF549C3360DA258A888787

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandleSuspendThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1038686644-0
                                                                                                                                                              • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                              • Instruction ID: dff24c9a36229ea24e5a3a71c50a752cdcffd12b7dce22b3fdf75c44abbb847a
                                                                                                                                                              • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                              • Instruction Fuzzy Hash: D291A031A08E158BFB689B28D8956B9B3D1FF55310F94815AF04AC7285DE34DA82CB86

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145869545930.00007DF4C6861000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6861000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_7df4c6861000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FunctionProtectTableTimerVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2248422592-0
                                                                                                                                                              • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                              • Instruction ID: f2d601316422a19deb1b5faf1938e8e5127eb84c401049c21f4ea8a4d5f0fd40
                                                                                                                                                              • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                              • Instruction Fuzzy Hash: 8FE1903060DA484FEB54EF28D8989AA77E1FF98311F145A7ED04FC3191DB38E9458B51

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                              • Opcode ID: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                              • Instruction ID: 5edb829bbcbf26d4ae659b98311ab5ecb7e243b5a61983726da9fee4fe282f52
                                                                                                                                                              • Opcode Fuzzy Hash: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                              • Instruction Fuzzy Hash: A3221531618A944FE72D9B1898862FA77D0FB95301F64462FF4DBC2282DE34D686C782

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                              • Instruction ID: 06368760bf47e0e73a14e234a3036b558400ce44c0caac532f578f60621de2a0
                                                                                                                                                              • Opcode Fuzzy Hash: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                              • Instruction Fuzzy Hash: 3E816331A18E49CBF7759B58A444BAAB3D1EFA4340F90C62AF446C7390DF75DA808787
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                              • Instruction ID: dd13656ad48fd4053d410c9b3162fefa2db03e6342b3d7bec751ae2095efb662
                                                                                                                                                              • Opcode Fuzzy Hash: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                              • Instruction Fuzzy Hash: 0AF0BD74A18B848FDB64EB2CD489B99B7E0FBA9300F50855AE84CC3345DB3498808B46
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                              • Instruction ID: e2adca226df174634bc63b8cfd1f6d8db049d19199fcd95be66a6713350785d8
                                                                                                                                                              • Opcode Fuzzy Hash: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                              • Instruction Fuzzy Hash: 81E09B71608A048FDB10DF94D8C19A9F7E0EBE5304F404D2AE84ACA264D674DA88C783
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                                              • Instruction ID: 208c6e9f0a6955d1365158036a8fd8f50a7ab444cab917672bdd900d0cf62d09
                                                                                                                                                              • Opcode Fuzzy Hash: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                                              • Instruction Fuzzy Hash: A8D01234A18B458BE620AB28944160A7BE1FBEA314F948619F844C3361E639D9818787
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                                              • Instruction ID: 23fc740d8ae3936510aafa68a2b9aea6b31b1685dc098f5d79a3c23545e586a8
                                                                                                                                                              • Opcode Fuzzy Hash: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                                              • Instruction Fuzzy Hash: 07D05E34A28A898BEA60A728990060577E1FFE6304F918619A448C3304E62DD9808387
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                              • Instruction ID: 48d44864461692d7fa77e29ca73cd9b7a0a062ae3bca0d1e286763a7171bd5ed
                                                                                                                                                              • Opcode Fuzzy Hash: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                              • Instruction Fuzzy Hash: 0BD01234A18B498BE710AB2895406097BE1FFDA314F94461DF84483310E639D98087C7
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                                              • Instruction ID: 92231b1c70502f8f3e75258c981fe6e5fd1177e54f7b76a547a665bfb34b5fab
                                                                                                                                                              • Opcode Fuzzy Hash: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                                              • Instruction Fuzzy Hash: AEC08C24E18D0E8BFA2A66AAEE803947290AB6E300FC00000E404C2380EC0DCAC04393
                                                                                                                                                              APIs
                                                                                                                                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,0000018A52925367), ref: 0000018A52932DEC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AcceptConnectPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1658770261-0
                                                                                                                                                              • Opcode ID: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                                              • Instruction ID: 8e405ecb6e51602e3585a148f06e7836461f2f7dad3231177caf508f7d60b10c
                                                                                                                                                              • Opcode Fuzzy Hash: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                                              • Instruction Fuzzy Hash: 3FC08C20A18C0BABF924626E6C807542280EF5E344FC00002B414C2384FC0CCAC0539B
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000003.145099473822.00007DF4C6851000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6851000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_3_7df4c6851000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4069062851-0
                                                                                                                                                              • Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                                              • Instruction ID: 289971003787d6456fd593e359474e9cdbc1a056833e1411431c10e2e1033c56
                                                                                                                                                              • Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                                              • Instruction Fuzzy Hash: E2411A3151CA488BE755EF24D899BDBB3E1FB94305F409A2EE58FC2191EF7895048B42

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: socket$ErrorModegetsockopt
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 552242919-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                              • String ID: rE\
                                                                                                                                                              • API String ID: 544645111-988334199

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CloseHandleMappingOpenView
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2553196624-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateWindow
                                                                                                                                                              • String ID: P
                                                                                                                                                              • API String ID: 716092398-3110715001

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              [Control-flow graph of the function starting at 18a529222d4; labelled API calls: GetSystemInfo, VirtualAlloc]
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocInfoSystemVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3440192736-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseFileHandleView
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3964672402-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000003.145099473822.00007DF4C6851000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6851000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_3_7df4c6851000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 544645111-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145869545930.00007DF4C6861000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6861000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_7df4c6861000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000003.145099473822.00007DF4C6851000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6851000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_3_7df4c6851000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileMappingOpen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1680863896-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorMode
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2340568224-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InformationVolume
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2039140958-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressCallerProc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2663294120-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000003.145099473822.00007DF4C6851000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6851000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_3_7df4c6851000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FunctionTable
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1252446317-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FunctionTable
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1252446317-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145869545930.00007DF4C6861000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4C6861000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_7df4c6861000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FunctionTable
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1252446317-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                              • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                              • Instruction ID: 280a8738b8adf21ed12de09e698799fc307873ede3b64d0e0a3ecbba55ff394b
                                                                                                                                                              • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                              • Instruction Fuzzy Hash: B3D0A720320D0D0BFA4CA33D5C9576522C6EBCC321F90513BB40AC2381DD54CC950301
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              • Opcode ID: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                              • Instruction ID: e8f6c815d687b3c67f2eaa2ec9a169577135f2b58c7bface05ce4f435e1af540
                                                                                                                                                              • Opcode Fuzzy Hash: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                              • Instruction Fuzzy Hash: 9F910E71518E488BE765EF14D4856EAB3E1FFA4300F81492FF08AC3292DE759A85C783
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                              • Opcode ID: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                              • Instruction ID: d4c73f330a86714f47cbd4fc7a77703583d1161056fd847dfd3d3f10497746bd
                                                                                                                                                              • Opcode Fuzzy Hash: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                              • Instruction Fuzzy Hash: C6419831214D0E8FEB88EF2CD888AA5B7E1FB68311751466BE409C3665DF34E9D58BC1
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              • Opcode ID: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                              • Instruction ID: 73c20a8a08025accc33898f7e56e4a8e43723a75fe23cab856cb7e24630b4cf6
                                                                                                                                                              • Opcode Fuzzy Hash: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                              • Instruction Fuzzy Hash: EF113930210D19CFFB759E6994A47A533E0EFA8315F94416AE809CA395CB708884C7A2
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                              • Instruction ID: 7178899d041540e1c330de392f1197cda94b5d7f2e485b455bb062bb1fd1ebb6
                                                                                                                                                              • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                              • Instruction Fuzzy Hash: 83F0C2B0210D0A8FFFA4DBA88494FA037D5EF58300F906155E81AC6395DF26DC81C751
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                              • Opcode ID: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                              • Instruction ID: ac7052b4ea29d6c44dbfd0ee742d4d9aa7bc3f02ce5f922339ed45702972f417
                                                                                                                                                              • Opcode Fuzzy Hash: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                              • Instruction Fuzzy Hash: 9AF01D71211E0A8FEB84EF19D49876073E4FF68305FA4416AA509C2690DB758C94C702
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000013.00000002.145866970356.0000018A52921000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000018A52921000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_19_2_18a52921000_wmlaunch.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: calloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2635317215-0
                                                                                                                                                              • Opcode ID: fe709fb456bbc0293cae2110005601c713657d4a340167cae24b70770651a1a7
                                                                                                                                                              • Instruction ID: 4590a7f187027a313cf9c532100ff251455adcc84ebd78f20d563abacd73b76e
                                                                                                                                                              • Opcode Fuzzy Hash: fe709fb456bbc0293cae2110005601c713657d4a340167cae24b70770651a1a7
                                                                                                                                                              • Instruction Fuzzy Hash: 9BF082B0220D0D8FF794AF2C9C9876976D5EB99302F948576A809C62A1EE78CD949701

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:2.6%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                              Total number of Nodes:210
                                                                                                                                                              Total number of Limit Nodes:5

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Information$QuerySystemVolume
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2187445334-0
                                                                                                                                                              • Opcode ID: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                              • Instruction ID: 9beca4901391f9b589c39113d1a0d2422f9d77bbee919e68306cd4367f333876
                                                                                                                                                              • Opcode Fuzzy Hash: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                              • Instruction Fuzzy Hash: 41917F31218E094FE796FB64D8597EA73E1FBA5311F100A3E945BC32B1EF3499468782

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: socket$ErrorModegetsockopt
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 552242919-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateMappingView
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3452162329-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3755109111-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InformationVolume
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2039140958-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: socket
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 98920635-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorMode
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2340568224-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressCallerProc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2663294120-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 225 1afe8632874-1afe8632891 call 1afe8631994 228 1afe8632893-1afe8632896 LoadLibraryA 225->228 229 1afe8632898-1afe863289e 225->229 228->229
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 268 1afe86380cc-1afe86380cf 269 1afe86380d1-1afe86380e0 268->269 270 1afe863810d 268->270 271 1afe86380e2-1afe86380eb call 1afe8640e88 free 269->271 272 1afe86380f1-1afe863810c call 1afe863ad2c 269->272 271->272 272->270
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 000001AFE8640E88: free.MSVCRT(?,?,?,?,?,?,?,?,?,000001AFE86380E7), ref: 000001AFE8640FB2
                                                                                                                                                              • free.MSVCRT(?,?,?,?,?,?,?,000001AFE86381D2,?,?,?,?,?,?,?,000001AFE8634660), ref: 000001AFE86380EB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000014.00000002.145866610476.000001AFE8630000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001AFE8630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_20_2_1afe8630000_dllhost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1294909896-0