Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MFs7p6ab7w.exe

Overview

General Information

Sample name:MFs7p6ab7w.exe
renamed because original name is a hash value
Original sample name:4bb4804e6fa42fba564672ff5932aef0.exe
Analysis ID:1434371
MD5:4bb4804e6fa42fba564672ff5932aef0
SHA1:08dc77cb06d298a7e5914478ad9862f5888771b4
SHA256:42a2a977cb6e2f3a6a8850f10cdafd39534496d0a576e2a25adc7df7fb8719d7
Tags:exenjratRAT
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
Disables zone checking for all users
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • MFs7p6ab7w.exe (PID: 7108 cmdline: "C:\Users\user\Desktop\MFs7p6ab7w.exe" MD5: 4BB4804E6FA42FBA564672FF5932AEF0)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Install Dir": "TEMP", "Install Name": "Dllhost.exe", "Startup": "True", "Campaign ID": "04k0", "Version": "Njrat 0.7 Golden By Hassan Amiri", "Network Seprator": "|Hassan|", "Mutex": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Install Flag": ""}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
MFs7p6ab7w.exeJoeSecurity_NjratYara detected NjratJoe Security
    MFs7p6ab7w.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x7cbd:$a1: get_Registry
    • 0x93ec:$a2: SEE_MASK_NOZONECHECKS
    • 0x91fc:$a3: Download ERROR
    • 0x9614:$a4: cmd.exe /c ping 0 -n 2 & del "
    MFs7p6ab7w.exeCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
    • 0x9614:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x94a2:$x2: schtasks /create /sc minute /mo 1 /tn Server /tr
    • 0x9096:$x3: www.upload.ee/image/
    • 0x90ee:$x3: www.upload.ee/image/
    • 0x914a:$x3: www.upload.ee/image/
    • 0x8d94:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x948a:$s2: /Server.exe
    • 0x921e:$s3: Executed As
    • 0x724d:$s5: Stub.exe
    • 0x91fc:$s6: Download ERROR
    • 0x8eba:$s7: shutdown -r -t 00
    • 0x8d56:$s8: Select * From AntiVirusProduct
    MFs7p6ab7w.exeNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
    • 0x93ec:$reg: SEE_MASK_NOZONECHECKS
    • 0x91d8:$msg: Execute ERROR
    • 0x9238:$msg: Execute ERROR
    • 0x9614:$ping: cmd.exe /c ping 0 -n 2 & del

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
      00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x7abd:$a1: get_Registry
      • 0x91ec:$a2: SEE_MASK_NOZONECHECKS
      • 0x8ffc:$a3: Download ERROR
      • 0x9414:$a4: cmd.exe /c ping 0 -n 2 & del "
      00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmpNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
      • 0x91ec:$reg: SEE_MASK_NOZONECHECKS
      • 0x8fd8:$msg: Execute ERROR
      • 0x9038:$msg: Execute ERROR
      • 0x9414:$ping: cmd.exe /c ping 0 -n 2 & del
      Process Memory Space: MFs7p6ab7w.exe PID: 7108JoeSecurity_NjratYara detected NjratJoe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.0.MFs7p6ab7w.exe.e80000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
          0.0.MFs7p6ab7w.exe.e80000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
          • 0x7cbd:$a1: get_Registry
          • 0x93ec:$a2: SEE_MASK_NOZONECHECKS
          • 0x91fc:$a3: Download ERROR
          • 0x9614:$a4: cmd.exe /c ping 0 -n 2 & del "
          0.0.MFs7p6ab7w.exe.e80000.0.unpackCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
          • 0x9614:$x1: cmd.exe /c ping 0 -n 2 & del "
          • 0x94a2:$x2: schtasks /create /sc minute /mo 1 /tn Server /tr
          • 0x9096:$x3: www.upload.ee/image/
          • 0x90ee:$x3: www.upload.ee/image/
          • 0x914a:$x3: www.upload.ee/image/
          • 0x8d94:$s1: winmgmts:\\.\root\SecurityCenter2
          • 0x948a:$s2: /Server.exe
          • 0x921e:$s3: Executed As
          • 0x724d:$s5: Stub.exe
          • 0x91fc:$s6: Download ERROR
          • 0x8eba:$s7: shutdown -r -t 00
          • 0x8d56:$s8: Select * From AntiVirusProduct
          0.0.MFs7p6ab7w.exe.e80000.0.unpackNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
          • 0x93ec:$reg: SEE_MASK_NOZONECHECKS
          • 0x91d8:$msg: Execute ERROR
          • 0x9238:$msg: Execute ERROR
          • 0x9614:$ping: cmd.exe /c ping 0 -n 2 & del

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:05/01/24-00:00:25.744681
          SID:2033132
          Source Port:49719
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:57:28.731879
          SID:2033132
          Source Port:49710
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:05/01/24-00:00:51.105126
          SID:2033132
          Source Port:49721
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:05/01/24-00:00:43.878222
          SID:2825564
          Source Port:49720
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:57:32.391188
          SID:2033132
          Source Port:49711
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:05/01/24-00:00:28.728191
          SID:2033132
          Source Port:49720
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:57:50.300485
          SID:2825564
          Source Port:49711
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:59:44.148171
          SID:2825564
          Source Port:49716
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:59:59.030350
          SID:2825564
          Source Port:49717
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:57:03.927745
          SID:2825564
          Source Port:49704
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:56:58.467958
          SID:2825563
          Source Port:49704
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:05/01/24-00:00:13.881637
          SID:2825564
          Source Port:49718
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:58:38.216855
          SID:2033132
          Source Port:49714
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:58:22.733871
          SID:2825564
          Source Port:49713
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:58:04.581713
          SID:2825563
          Source Port:49713
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:58:04.373417
          SID:2033132
          Source Port:49713
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:58:58.910496
          SID:2033132
          Source Port:49715
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:59:07.527449
          SID:2825564
          Source Port:49715
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:59:12.799714
          SID:2033132
          Source Port:49716
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:56:58.260375
          SID:2033132
          Source Port:49704
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:57:32.593388
          SID:2825563
          Source Port:49711
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:59:47.258002
          SID:2033132
          Source Port:49717
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:58:55.010619
          SID:2825564
          Source Port:49714
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:04/30/24-23:57:28.934392
          SID:2825563
          Source Port:49710
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:05/01/24-00:00:11.163303
          SID:2033132
          Source Port:49718
          Destination Port:12194
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: MFs7p6ab7w.exeAvira: detected
          Found malware configuration
          Source: 0.0.MFs7p6ab7w.exe.e80000.0.unpackMalware Configuration Extractor: Njrat {"Install Dir": "TEMP", "Install Name": "Dllhost.exe", "Startup": "True", "Campaign ID": "04k0", "Version": "Njrat 0.7 Golden By Hassan Amiri", "Network Seprator": "|Hassan|", "Mutex": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Install Flag": ""}
          Multi AV Scanner detection for submitted file
          Source: MFs7p6ab7w.exeReversingLabs: Detection: 84%
          Yara detected Njrat
          Source: Yara matchFile source: MFs7p6ab7w.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: MFs7p6ab7w.exe PID: 7108, type: MEMORYSTR
          Machine Learning detection for sample
          Source: MFs7p6ab7w.exeJoe Sandbox ML: detected
          Source: MFs7p6ab7w.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: MFs7p6ab7w.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Networking

          barindex
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49704 -> 18.192.31.165:12194
          Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49704 -> 18.192.31.165:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49704 -> 18.192.31.165:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49710 -> 18.192.31.165:12194
          Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49710 -> 18.192.31.165:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49711 -> 18.192.31.165:12194
          Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49711 -> 18.192.31.165:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49711 -> 18.192.31.165:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49713 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49713 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49713 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49714 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49714 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49715 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49715 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49716 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49716 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49717 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49717 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49718 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49718 -> 3.125.209.94:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49719 -> 18.158.249.75:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49720 -> 18.158.249.75:12194
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49720 -> 18.158.249.75:12194
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49721 -> 18.158.249.75:12194
          Source: global trafficTCP traffic: 192.168.2.5:49704 -> 18.192.31.165:12194
          Source: global trafficTCP traffic: 192.168.2.5:49713 -> 3.125.209.94:12194
          Source: global trafficTCP traffic: 192.168.2.5:49719 -> 18.158.249.75:12194
          Source: Joe Sandbox ViewIP Address: 3.125.209.94 3.125.209.94
          Source: Joe Sandbox ViewIP Address: 18.192.31.165 18.192.31.165
          Source: Joe Sandbox ViewIP Address: 18.158.249.75 18.158.249.75
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficDNS traffic detected: DNS query: 0.tcp.eu.ngrok.io

          E-Banking Fraud

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: MFs7p6ab7w.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: MFs7p6ab7w.exe PID: 7108, type: MEMORYSTR

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: MFs7p6ab7w.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: MFs7p6ab7w.exe, type: SAMPLEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: MFs7p6ab7w.exe, type: SAMPLEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_017EA8280_2_017EA828
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_017EF5580_2_017EF558
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_017ED6680_2_017ED668
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_017EDC900_2_017EDC90
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_017EA81F0_2_017EA81F
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_060677900_2_06067790
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_060680600_2_06068060
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_060685510_2_06068551
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_060615B00_2_060615B0
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_060670480_2_06067048
          Source: MFs7p6ab7w.exe, 00000000.00000002.4414093605.000000000131E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs MFs7p6ab7w.exe
          Source: MFs7p6ab7w.exe, 00000000.00000002.4414080736.00000000012F9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs MFs7p6ab7w.exe
          Source: MFs7p6ab7w.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: MFs7p6ab7w.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: MFs7p6ab7w.exe, type: SAMPLEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: MFs7p6ab7w.exe, type: SAMPLEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: classification engineClassification label: mal100.phis.troj.evad.winEXE@1/0@4/3
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeMutant created: NULL
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeMutant created: \Sessions\1\BaseNamedObjects\Windows Update
          Source: MFs7p6ab7w.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: MFs7p6ab7w.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: MFs7p6ab7w.exe, 00000000.00000002.4421793411.00000000066CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Select * From AntiVirusProduct/;
          Source: MFs7p6ab7w.exeReversingLabs: Detection: 84%
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: avicap32.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: msvfw32.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
          Source: MFs7p6ab7w.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: MFs7p6ab7w.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: MFs7p6ab7w.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeCode function: 0_2_06068C78 push 1C0308C3h; ret 0_2_06068C7D
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeMemory allocated: 17E0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeMemory allocated: 31A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeMemory allocated: 51A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeMemory allocated: 6C20000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeMemory allocated: 5D00000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWindow / User API: threadDelayed 774Jump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWindow / User API: threadDelayed 4801Jump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWindow / User API: threadDelayed 3717Jump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWindow / User API: foregroundWindowGot 768Jump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exe TID: 1352Thread sleep count: 774 > 30Jump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exe TID: 1352Thread sleep time: -77400s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exe TID: 7104Thread sleep count: 4801 > 30Jump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exe TID: 7104Thread sleep time: -4801000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exe TID: 7104Thread sleep count: 3717 > 30Jump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exe TID: 7104Thread sleep time: -3717000s >= -30000sJump to behavior
          Source: MFs7p6ab7w.exe, 00000000.00000002.4414213729.000000000138D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeMemory allocated: page read and write | page guardJump to behavior
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/02 | 21:34:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:20:41 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:07:27 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:36:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/11 | 00:09:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:28:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:50:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:14:55 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 07:47:29 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 03:56:03 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 12:08:39 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/07 | 05:11:09 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/26 | 10:02:38 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 18:56:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:51:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:30:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 19:12:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 09:45:09 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 19:00:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/20 | 00:06:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 20:04:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 23:49:16 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 23:39:57 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/24 | 06:00:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 08:45:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:00:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:29:34 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/09 | 00:14:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:00:39 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 04:04:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 03:57:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:54:17 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 05:18:09 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 05:12:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 13:00:37 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 10:14:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 19:44:00 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:22:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/20 | 00:31:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:32:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:01:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:28:04 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 19:07:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 20:24:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:35:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:24:31 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 06:07:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:21:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:14:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:45:38 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 19:01:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/11 | 00:03:01 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/09 | 08:44:17 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:21:55 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 10:27:03 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 18:50:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 09:29:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:24:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 02:20:37 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 09:41:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 03:20:02 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:10:29 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:12:58 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 07:47:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 05:01:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:22:17 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:40:58 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:06:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 10:22:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/09 | 00:23:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 05:54:37 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 11:54:38 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:27:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 22:15:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 13:07:38 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 07:31:11 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:04:25 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 12:51:04 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:05:53 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:35:50 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:53:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/26 | 09:44:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 10:37:38 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 17:42:03 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:48:35 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:52:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:43:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 04:40:25 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:46:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 20:13:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 12:45:31 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 03:32:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:01:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 13:55:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/28 | 22:45:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 12:57:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:51:29 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:51:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 03:10:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 10:52:14 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:08:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:08:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:33:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 20:31:50 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:50:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 15:05:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:43:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:52:01 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 01:19:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:13:37 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:45:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:00:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 10:33:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:06:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:21:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 06:55:20 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:36:34 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:13:09 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 01:34:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 18:02:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:53:16 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:01:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:56:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:48:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/02 | 21:18:08 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 11:05:17 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 03:11:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 10:23:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:48:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 07:40:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:58:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/24 | 05:33:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 14:46:37 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 05:36:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/09 | 08:36:42 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 21:27:00 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/28 | 13:29:35 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:28:43 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 21:17:41 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/26 | 09:53:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:28:42 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 14:02:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:24:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:00:26 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 11:57:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 07:49:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 05:07:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 06:04:26 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/02 | 21:12:37 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:09:11 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 20:59:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 01:36:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:53:37 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:23:01 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 11:56:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:58:11 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:49:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 21:00:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:47:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 06:47:25 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:01:11 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 14:19:19 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:26:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:01:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 08:11:26 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:18:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 22:18:50 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 23:38:27 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:09:03 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 23:01:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 11:44:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:15:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 04:10:01 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:40:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 13:11:25 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:54:14 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/26 | 18:54:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:47:34 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/28 | 22:42:09 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 08:58:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:52:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 13:44:29 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/02 | 21:11:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:32:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 15:10:09 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 06:06:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/30 | 17:03:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 06:06:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:49:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:56:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 22:24:02 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:24:19 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 11:30:20 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/24 | 05:38:39 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 10:20:01 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/08 | 20:23:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:00:55 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 13:19:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 12:44:39 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:52:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/30 | 17:05:08 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:19:05 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 18:45:26 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:27:00 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/02 | 21:38:39 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:33:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 07:32:53 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 05:06:27 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 15:07:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:29:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 10:13:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:44:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:03:53 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 13:39:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:18:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:53:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:09:05 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:25:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:12:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 08:48:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:44:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/10 | 23:57:05 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 09:29:08 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:46:34 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 17:32:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 19:15:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:14:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:54:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 06:50:42 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/20 | 00:18:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:37:14 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/20 | 00:30:43 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 18:07:02 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:52:20 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 15:27:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 02:29:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:44:57 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 07:43:05 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:37:26 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 05:01:03 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 03:51:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:47:32 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 09:34:26 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 22:03:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.00000000032BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:55:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 12:30:57 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 10:22:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/30 | 23:57:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 05:33:16 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/02 | 20:39:01 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 08:15:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/20 | 00:47:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 17:49:04 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 13:28:42 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 06:58:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:23:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 18:57:08 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:23:02 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 03:43:49 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/09 | 00:41:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 10:31:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 10:50:50 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:43:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:18:03 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:56:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 08:37:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:39:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:51:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:49:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.00000000031A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 10:36:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 23:40:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:45:25 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 12:34:04 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 11:06:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:44:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 20:11:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:15:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:49:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 15:17:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:01:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/07 | 05:11:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.00000000032BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:40:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:49:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:46:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:53:55 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:47:49 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:44:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 19:34:29 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:34:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:16:43 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:09:41 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:27:39 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:44:42 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 08:00:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 18:26:25 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:20:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:35:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 04:10:35 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:24:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/11 | 00:05:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 15:03:42 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 15:05:11 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:23:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 05:11:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.00000000032BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 21:32:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 20:24:03 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003276000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/13 | 16:48:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:36:50 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003269000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 13:28:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/05 | 01:02:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 08:00:37 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 06:25:57 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:56:50 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/28 | 22:37:11 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 20:40:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 21:33:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 14:38:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 06:03:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 22:11:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 07:35:35 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:14:35 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 10:23:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 08:16:04 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 15:05:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 06:16:08 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:52:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:06:01 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:42:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/26 | 18:57:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 01:53:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 05:22:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 09:59:29 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:05:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 21:20:38 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/24 | 05:52:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/07 | 04:48:08 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:14:35 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 20:22:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:42:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:51:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:15:50 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 14:51:55 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 12:01:38 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/20 | 00:37:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 13:20:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:13:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:41:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/26 | 18:50:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 03:02:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 18:51:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 13:13:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 05:10:42 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/26 | 18:51:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/26 | 09:46:45 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:08:53 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 11:38:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 13:10:32 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 13:06:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 16:54:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:58:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 04:05:20 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:32:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:16:00 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 17:04:55 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:46:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/07 | 05:07:58 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:23:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 13:21:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 13:09:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 23:10:02 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:50:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:20:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 05:48:58 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:52:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/20 | 00:30:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:26:25 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 14:52:26 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 09:18:19 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 08:04:19 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:02:39 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:34:17 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:52:08 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 07:02:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:21:57 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:36:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 13:22:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/26 | 19:05:00 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 10:18:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 06:56:01 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/06 | 16:45:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 07:26:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 22:20:17 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 06:32:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 02:21:08 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 07:12:49 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 12:54:55 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:05:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:53:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 08:23:55 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:48:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:34:31 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 13:19:17 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 04:35:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 00:00:19 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 20:56:16 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 19:08:38 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 13:05:36 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/24 | 05:41:34 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 07:32:16 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 19:32:57 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 09:11:28 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:31:09 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 22:52:41 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 04:11:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:26:10 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/02 | 20:50:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 10:13:20 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 11:05:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/05 | 01:05:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/11 | 00:02:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 14:29:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 18:48:32 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:17:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 13:18:27 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 15:45:58 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 02:19:04 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 20:34:44 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 02:38:27 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 02:48:35 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 08:05:27 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 16:02:31 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:46:31 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 04:00:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 12:44:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 03:50:14 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:51:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/02 | 20:58:02 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 09:03:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 23:47:56 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 19:40:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/30 | 16:54:12 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 13:11:47 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:22:31 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 07:56:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/26 | 18:36:13 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 06:44:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:41:53 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 07:53:16 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 22:34:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/26 | 09:51:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:27:48 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 12:34:26 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 22:44:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 03:52:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/17 | 19:22:30 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 13:58:59 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/28 | 13:26:58 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 12:54:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 21:03:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 08:59:53 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/02 | 07:30:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 12:50:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:47:50 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 06:07:17 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 12:42:16 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 14:24:05 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 19:52:34 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 04:34:46 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 13:30:49 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 10:40:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 06:26:33 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 06:02:49 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:50:06 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 05:04:04 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/31 | 03:26:15 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 08:07:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/15 | 15:12:52 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 07:39:20 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 09:20:16 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 13:49:29 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:24:31 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/11 | 13:17:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/04 | 12:34:14 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 11:13:11 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/08 | 21:46:23 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/22 | 06:31:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/06 | 13:02:40 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 05:57:54 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003516000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414928574.0000000003731000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/03 | 11:47:07 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/13 | 05:54:18 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 14:44:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/13 | 08:47:24 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/20 | 00:29:49 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/07/07 | 04:55:32 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 09:34:03 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/24 | 14:37:49 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/04 | 05:58:22 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/17 | 19:21:51 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/30 | 17:06:21 - Program Manager
          Source: MFs7p6ab7w.exe, 00000000.00000002.4416453733.00000000041A9000.00000004.00000800.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4416453733.0000000004BA9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/06/15 | 12:47:32 - Program Manager
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\Users\user\Desktop\MFs7p6ab7w.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Disables zone checking for all users
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeRegistry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKSJump to behavior
          Source: MFs7p6ab7w.exe, 00000000.00000002.4421698905.00000000066B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s Defender\MsMpeng.exe
          Source: MFs7p6ab7w.exe, 00000000.00000002.4421625044.0000000006697000.00000004.00000020.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4421698905.00000000066B5000.00000004.00000020.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414213729.000000000138D000.00000004.00000020.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414093605.0000000001355000.00000004.00000020.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4421590319.0000000006686000.00000004.00000020.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4414213729.0000000001401000.00000004.00000020.00020000.00000000.sdmp, MFs7p6ab7w.exe, 00000000.00000002.4421653542.00000000066A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\MFs7p6ab7w.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: MFs7p6ab7w.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: MFs7p6ab7w.exe PID: 7108, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: MFs7p6ab7w.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.MFs7p6ab7w.exe.e80000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: MFs7p6ab7w.exe PID: 7108, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
          Windows Management Instrumentation          		1
          DLL Side-Loading          		1
          Process Injection          		2
          Virtualization/Sandbox Evasion          		OS Credential Dumping21
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          DLL Side-Loading          		11
          Disable or Modify Tools          		LSASS Memory2
          Virtualization/Sandbox Evasion          		Remote Desktop ProtocolData from Removable Media1
          Non-Standard Port          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
          Process Injection          		Security Account Manager1
          Process Discovery          		SMB/Windows Admin SharesData from Network Shared Drive1
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          Obfuscated Files or Information          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput Capture1
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Software Packing          		LSA Secrets12
          System Information Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          MFs7p6ab7w.exe84%ReversingLabsByteCode-MSIL.Backdoor.Bladabhindi
          MFs7p6ab7w.exe100%AviraTR/Dropper.Gen7
          MFs7p6ab7w.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          0.tcp.eu.ngrok.io
          		18.192.31.165
          		truetrue
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            3.125.209.94
            		unknownUnited States
            		16509AMAZON-02UStrue
            18.192.31.165
            		0.tcp.eu.ngrok.ioUnited States
            		16509AMAZON-02UStrue
            18.158.249.75
            		unknownUnited States
            		16509AMAZON-02UStrue

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1434371
            Start date and time:2024-04-30 23:56:04 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 20s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:4
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:MFs7p6ab7w.exe
            renamed because original name is a hash value
            Original Sample Name:4bb4804e6fa42fba564672ff5932aef0.exe
            Detection:MAL
            Classification:mal100.phis.troj.evad.winEXE@1/0@4/3
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 96%
            • Number of executed functions: 42
            • Number of non-executed functions: 3
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240s for sample files taking high CPU consumption

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • VT rate limit hit for: MFs7p6ab7w.exe

            Simulations

            Behavior and APIs

            TimeTypeDescription
            23:56:57API Interceptor472893x Sleep call for process: MFs7p6ab7w.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            3.125.209.94xaa.doc.docxGet hashmaliciousCVE-2021-40444Browse
            • 259f-88-231-63-13.eu.ngrok.io/exploit.html
            18.192.31.165muyq8X8qXp.exeGet hashmaliciousUnknownBrowse
            • 3eae-79-191-34-149.eu.ngrok.io/sysvndump/send
            18.158.249.75xaa.doc.docxGet hashmaliciousCVE-2021-40444Browse
            • 259f-88-231-63-13.eu.ngrok.io/exploit.html

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            0.tcp.eu.ngrok.iojpGSWjSTSw.exeGet hashmaliciousNjratBrowse
            • 3.124.142.205
            KvS2rT08PQ.exeGet hashmaliciousBlank Grabber, Njrat, Umbral StealerBrowse
            • 18.158.249.75
            lLX6Po7hFJ.exeGet hashmaliciousNanocoreBrowse
            • 3.125.223.134
            aXDh3Stgy2.exeGet hashmaliciousNjratBrowse
            • 18.158.249.75
            9VnALqFMbF.exeGet hashmaliciousDarkCometBrowse
            • 3.125.209.94
            AKsHpy5O2W.exeGet hashmaliciousNjratBrowse
            • 3.125.223.134
            D6p5mclMzu.exeGet hashmaliciousNjratBrowse
            • 3.124.142.205
            P1Oyl92c7q.exeGet hashmaliciousNjratBrowse
            • 3.124.142.205
            F1RBq1AGOt.exeGet hashmaliciousNjratBrowse
            • 3.125.209.94
            8egiXe8bX1.exeGet hashmaliciousRedLineBrowse
            • 3.125.102.39

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            AMAZON-02UShttp://flowcode.com/p/rHodscEZQ?fc=0Get hashmaliciousHTMLPhisherBrowse
            • 52.84.125.80
            http://bcgame.topGet hashmaliciousUnknownBrowse
            • 54.232.233.12
            http://marvin-occentus.netGet hashmaliciousUnknownBrowse
            • 52.84.18.90
            Alliance Bank Central Texas Open Benefits Enrollment.emlGet hashmaliciousHTMLPhisherBrowse
            • 34.246.250.25
            Alliance Bank Central Texas Open Benefits Enrollment.emlGet hashmaliciousHTMLPhisherBrowse
            • 34.246.250.25
            https://plannexcg.com/plannex_tool_3/Get hashmaliciousUnknownBrowse
            • 108.159.227.16
            bulus.arm7-20240430-1916.elfGet hashmaliciousMirai, Moobot, OkiruBrowse
            • 54.217.10.153
            https://z5dR7xs6phpSTZuaJ7AN.systeme.io/tr/2/4199979/5772796094/23830499/1297808236e3be12905529fb647a7b47b0826555c#cl/691115_smd/180/756621/6815/60662/198082Get hashmaliciousPhisherBrowse
            • 13.226.22.39
            file.exeGet hashmaliciousLummaC, GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
            • 18.154.109.109
            https://drive.autodesk.com/de28a225b/shares/SHd38bfQT1fb47330c993db3c422859d57c2Get hashmaliciousUnknownBrowse
            • 52.84.52.29
            AMAZON-02UShttp://flowcode.com/p/rHodscEZQ?fc=0Get hashmaliciousHTMLPhisherBrowse
            • 52.84.125.80
            http://bcgame.topGet hashmaliciousUnknownBrowse
            • 54.232.233.12
            http://marvin-occentus.netGet hashmaliciousUnknownBrowse
            • 52.84.18.90
            Alliance Bank Central Texas Open Benefits Enrollment.emlGet hashmaliciousHTMLPhisherBrowse
            • 34.246.250.25
            Alliance Bank Central Texas Open Benefits Enrollment.emlGet hashmaliciousHTMLPhisherBrowse
            • 34.246.250.25
            https://plannexcg.com/plannex_tool_3/Get hashmaliciousUnknownBrowse
            • 108.159.227.16
            bulus.arm7-20240430-1916.elfGet hashmaliciousMirai, Moobot, OkiruBrowse
            • 54.217.10.153
            https://z5dR7xs6phpSTZuaJ7AN.systeme.io/tr/2/4199979/5772796094/23830499/1297808236e3be12905529fb647a7b47b0826555c#cl/691115_smd/180/756621/6815/60662/198082Get hashmaliciousPhisherBrowse
            • 13.226.22.39
            file.exeGet hashmaliciousLummaC, GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
            • 18.154.109.109
            https://drive.autodesk.com/de28a225b/shares/SHd38bfQT1fb47330c993db3c422859d57c2Get hashmaliciousUnknownBrowse
            • 52.84.52.29
            AMAZON-02UShttp://flowcode.com/p/rHodscEZQ?fc=0Get hashmaliciousHTMLPhisherBrowse
            • 52.84.125.80
            http://bcgame.topGet hashmaliciousUnknownBrowse
            • 54.232.233.12
            http://marvin-occentus.netGet hashmaliciousUnknownBrowse
            • 52.84.18.90
            Alliance Bank Central Texas Open Benefits Enrollment.emlGet hashmaliciousHTMLPhisherBrowse
            • 34.246.250.25
            Alliance Bank Central Texas Open Benefits Enrollment.emlGet hashmaliciousHTMLPhisherBrowse
            • 34.246.250.25
            https://plannexcg.com/plannex_tool_3/Get hashmaliciousUnknownBrowse
            • 108.159.227.16
            bulus.arm7-20240430-1916.elfGet hashmaliciousMirai, Moobot, OkiruBrowse
            • 54.217.10.153
            https://z5dR7xs6phpSTZuaJ7AN.systeme.io/tr/2/4199979/5772796094/23830499/1297808236e3be12905529fb647a7b47b0826555c#cl/691115_smd/180/756621/6815/60662/198082Get hashmaliciousPhisherBrowse
            • 13.226.22.39
            file.exeGet hashmaliciousLummaC, GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
            • 18.154.109.109
            https://drive.autodesk.com/de28a225b/shares/SHd38bfQT1fb47330c993db3c422859d57c2Get hashmaliciousUnknownBrowse
            • 52.84.52.29

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            No created / dropped files found

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):5.606364544606074
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Generic Win/DOS Executable (2004/3) 0.01%
            File name:MFs7p6ab7w.exe
            File size:44'032 bytes
            MD5:4bb4804e6fa42fba564672ff5932aef0
            SHA1:08dc77cb06d298a7e5914478ad9862f5888771b4
            SHA256:42a2a977cb6e2f3a6a8850f10cdafd39534496d0a576e2a25adc7df7fb8719d7
            SHA512:3ea2cb94e630b84887d1657b9bbd852fb30c037135f9f96a4520456f6be8a8f1c4d1d3ae26d86adc0609230d8b70757e43766d5b599a9d5af5a51f566d1618a3
            SSDEEP:384:Z8ZygjqyCEFmVoyb37ilaY2EdizMgh+zEIij+ZsNO3PlpJKkkjh/TzF7pWnoLgrq:Z61jqyVAVlbLCHKQgWuXQ/oxz+L
            TLSH:2013E78DB684E174D5FF8BF1B4A2B2890B71A017A902D30F99F154D94BB3EC09611EE7
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...4}+f................................. ........@.. ....................... ............@................................

            File Icon

            Icon Hash:00928e8e8686b000

            Static PE Info

            General

            Entrypoint:0x40c38e
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x662B7D34 [Fri Apr 26 10:08:52 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0xc33c0x4f.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0xe0000x400.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x100000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000xa3940xa400e67e3ec1d5a343aa07a9d6981af81860False0.42046970274390244data5.699368947459915IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc0xe0000x4000x400e6bddab8cfc5a0b85c6b2404ef045c60False0.3017578125data3.5160679793070893IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0x100000xc0x2007944e824d98cd140be139d8516798e9aFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_MANIFEST0xe0580x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Network Behavior

            Snort IDS Alerts

            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
            05/01/24-00:00:25.744681TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971912194192.168.2.518.158.249.75
            04/30/24-23:57:28.731879TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971012194192.168.2.518.192.31.165
            05/01/24-00:00:51.105126TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972112194192.168.2.518.158.249.75
            05/01/24-00:00:43.878222TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4972012194192.168.2.518.158.249.75
            04/30/24-23:57:32.391188TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971112194192.168.2.518.192.31.165
            05/01/24-00:00:28.728191TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972012194192.168.2.518.158.249.75
            04/30/24-23:57:50.300485TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971112194192.168.2.518.192.31.165
            04/30/24-23:59:44.148171TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971612194192.168.2.53.125.209.94
            04/30/24-23:59:59.030350TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971712194192.168.2.53.125.209.94
            04/30/24-23:57:03.927745TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4970412194192.168.2.518.192.31.165
            04/30/24-23:56:58.467958TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4970412194192.168.2.518.192.31.165
            05/01/24-00:00:13.881637TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971812194192.168.2.53.125.209.94
            04/30/24-23:58:38.216855TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971412194192.168.2.53.125.209.94
            04/30/24-23:58:22.733871TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971312194192.168.2.53.125.209.94
            04/30/24-23:58:04.581713TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4971312194192.168.2.53.125.209.94
            04/30/24-23:58:04.373417TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971312194192.168.2.53.125.209.94
            04/30/24-23:58:58.910496TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971512194192.168.2.53.125.209.94
            04/30/24-23:59:07.527449TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971512194192.168.2.53.125.209.94
            04/30/24-23:59:12.799714TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971612194192.168.2.53.125.209.94
            04/30/24-23:56:58.260375TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4970412194192.168.2.518.192.31.165
            04/30/24-23:57:32.593388TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4971112194192.168.2.518.192.31.165
            04/30/24-23:59:47.258002TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971712194192.168.2.53.125.209.94
            04/30/24-23:58:55.010619TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971412194192.168.2.53.125.209.94
            04/30/24-23:57:28.934392TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4971012194192.168.2.518.192.31.165
            05/01/24-00:00:11.163303TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971812194192.168.2.53.125.209.94

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Apr 30, 2024 23:56:57.712454081 CEST4970412194192.168.2.518.192.31.165
            Apr 30, 2024 23:56:57.919895887 CEST121944970418.192.31.165192.168.2.5
            Apr 30, 2024 23:56:57.919986963 CEST4970412194192.168.2.518.192.31.165
            Apr 30, 2024 23:56:58.260375023 CEST4970412194192.168.2.518.192.31.165
            Apr 30, 2024 23:56:58.467843056 CEST121944970418.192.31.165192.168.2.5
            Apr 30, 2024 23:56:58.467957973 CEST4970412194192.168.2.518.192.31.165
            Apr 30, 2024 23:56:58.675455093 CEST121944970418.192.31.165192.168.2.5
            Apr 30, 2024 23:57:03.927745104 CEST4970412194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:04.135288000 CEST121944970418.192.31.165192.168.2.5
            Apr 30, 2024 23:57:19.252994061 CEST121944970418.192.31.165192.168.2.5
            Apr 30, 2024 23:57:19.253067017 CEST4970412194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:26.458343029 CEST121944970418.192.31.165192.168.2.5
            Apr 30, 2024 23:57:26.503242016 CEST4970412194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:28.473570108 CEST4970412194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:28.476064920 CEST4971012194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:28.678606033 CEST121944971018.192.31.165192.168.2.5
            Apr 30, 2024 23:57:28.678678036 CEST4971012194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:28.731878996 CEST4971012194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:28.934330940 CEST121944971018.192.31.165192.168.2.5
            Apr 30, 2024 23:57:28.934391975 CEST4971012194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:29.136862040 CEST121944971018.192.31.165192.168.2.5
            Apr 30, 2024 23:57:30.155478001 CEST121944971018.192.31.165192.168.2.5
            Apr 30, 2024 23:57:30.155668020 CEST4971012194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:32.159617901 CEST4971012194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:32.160489082 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:32.362298965 CEST121944971018.192.31.165192.168.2.5
            Apr 30, 2024 23:57:32.362719059 CEST121944971118.192.31.165192.168.2.5
            Apr 30, 2024 23:57:32.362796068 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:32.391187906 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:32.593293905 CEST121944971118.192.31.165192.168.2.5
            Apr 30, 2024 23:57:32.593388081 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:32.795474052 CEST121944971118.192.31.165192.168.2.5
            Apr 30, 2024 23:57:37.769140959 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:37.971291065 CEST121944971118.192.31.165192.168.2.5
            Apr 30, 2024 23:57:47.175535917 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:47.377319098 CEST121944971118.192.31.165192.168.2.5
            Apr 30, 2024 23:57:50.300484896 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:57:50.502566099 CEST121944971118.192.31.165192.168.2.5
            Apr 30, 2024 23:58:00.910115957 CEST121944971118.192.31.165192.168.2.5
            Apr 30, 2024 23:58:00.910207033 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:58:03.032310963 CEST4971112194192.168.2.518.192.31.165
            Apr 30, 2024 23:58:03.234611034 CEST121944971118.192.31.165192.168.2.5
            Apr 30, 2024 23:58:03.514360905 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:03.722549915 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:03.722702980 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:04.373416901 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:04.581605911 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:04.581712961 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:04.789805889 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:05.800338030 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:06.008506060 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:06.008728981 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:06.216782093 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:06.605304956 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:06.813401937 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:06.813509941 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:07.021542072 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:07.021636009 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:07.229724884 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:07.229826927 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:07.437799931 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:07.437923908 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:07.646023989 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:07.646253109 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:07.854233027 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:07.854330063 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:08.062345028 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:08.062458992 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:08.270432949 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:08.270507097 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:08.478524923 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:08.478715897 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:08.686738968 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:08.686845064 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:08.894867897 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:08.894992113 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:09.103012085 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:09.103212118 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:09.311203957 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:09.311297894 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:09.519320011 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:09.519438028 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:09.727437973 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:09.727507114 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:09.935508013 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:09.935589075 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:10.170731068 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:10.188075066 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:10.188149929 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:10.378762960 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:10.378937006 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:10.396239996 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:10.586997986 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:10.587100983 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:10.795104980 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:12.181801081 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:12.389938116 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:12.390007973 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:12.598074913 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:12.598150969 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:12.806168079 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:13.127211094 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:13.335155964 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:13.335248947 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:13.543255091 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:13.543348074 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:13.751427889 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:13.751516104 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:13.959562063 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:13.959707022 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:14.167768002 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:14.167903900 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:14.376012087 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:14.376127958 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:14.584204912 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:14.584285975 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:14.792327881 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:14.792471886 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:15.000468969 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:15.000586987 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:15.208699942 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:15.212198019 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:15.420279980 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:16.812813997 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:17.020493984 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:17.020618916 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:17.228359938 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:17.577043056 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:17.784910917 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:17.785062075 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:17.992743015 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:17.992856979 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:18.200568914 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:18.200717926 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:18.408462048 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:18.408562899 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:18.616249084 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:18.616432905 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:18.824158907 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:18.824333906 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:19.032274008 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:19.032501936 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:19.230679035 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:19.240159035 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:19.240287066 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:19.438496113 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:19.438589096 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:19.447810888 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:19.646250963 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:19.646352053 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:19.854155064 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:19.854268074 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:20.062047958 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:20.062361002 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:20.270097971 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:20.270319939 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:20.478055954 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:20.478274107 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:20.686026096 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:20.686121941 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:20.893790007 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:20.893944025 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:21.101654053 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:21.101732016 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:21.309464931 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:22.733870983 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:22.941598892 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:22.941699982 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:23.149836063 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:23.149960995 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:23.357628107 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:23.357729912 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:23.565419912 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:23.565531015 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:23.773353100 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:23.773457050 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:23.981211901 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:23.981415033 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:24.189399004 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:24.190074921 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:24.397847891 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:24.398092985 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:24.605850935 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:24.605945110 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:24.813698053 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:24.814073086 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:25.022494078 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:25.026149035 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:25.233987093 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:25.234086037 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:25.442012072 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:25.442373991 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:25.650057077 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:25.650273085 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:25.857975960 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:25.858079910 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:26.065824032 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:26.065941095 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:26.273741007 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:26.273844004 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:26.481702089 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:26.481798887 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:26.689490080 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:26.689681053 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:26.897403002 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:26.897515059 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:27.105320930 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:27.106070995 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:27.313853979 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:27.314095974 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:27.522102118 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:27.526165009 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:27.733808041 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:27.734057903 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:27.941874027 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:27.942082882 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:28.149786949 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:28.149925947 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:28.404267073 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:28.404383898 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:28.612468958 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:28.612611055 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:28.820668936 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:28.820740938 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:29.029206038 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:29.029349089 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:29.237468958 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:29.237683058 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:29.445806980 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:29.446033955 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:29.654115915 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:29.654239893 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:29.862329960 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:29.862402916 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:30.070473909 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:30.074034929 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:30.282092094 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:30.284737110 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:30.492904902 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:30.494066954 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:30.702147007 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:30.702301979 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:30.910376072 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:30.914163113 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:31.122281075 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:31.122394085 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:31.330509901 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:31.330614090 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:31.538789988 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:31.539000988 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:31.747082949 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:31.747188091 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:31.959522963 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:31.959646940 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:32.167728901 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:32.167943954 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:32.375991106 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:32.376116991 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:32.584230900 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:32.584326029 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:32.792432070 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:32.792731047 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:33.000821114 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:33.000893116 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:33.209088087 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:33.209290028 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:33.417367935 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:33.417557955 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:33.625688076 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:33.625792980 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:33.834042072 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:33.834273100 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:34.042474031 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:34.042706966 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:34.250889063 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:34.250962973 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:34.459100008 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:34.459286928 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:34.667366982 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:34.667454958 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:34.875521898 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:34.875593901 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:35.084080935 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:35.084294081 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:35.292392015 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:35.292648077 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:35.500873089 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:35.500983000 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:35.709160089 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:35.709362030 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:35.919429064 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:35.919547081 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:35.958901882 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:35.959002018 CEST4971312194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:36.127605915 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:36.166990995 CEST12194497133.125.209.94192.168.2.5
            Apr 30, 2024 23:58:37.973447084 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:38.179578066 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:38.179788113 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:38.216855049 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:38.422894955 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:38.422955036 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:38.629543066 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:38.629622936 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:38.835654974 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:38.835778952 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:39.041788101 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:39.041852951 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:39.247869968 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:39.248016119 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:39.454022884 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:39.454124928 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:39.660703897 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:39.660799980 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:39.866847038 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:39.867079973 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:40.073060989 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:40.073194981 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:40.279211998 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:40.281100988 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:40.487062931 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:42.566047907 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:42.772110939 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:42.772166967 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:42.978143930 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:42.978286028 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:43.184298992 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:43.184410095 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:43.390613079 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:43.390714884 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:43.596843958 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:43.597033024 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:43.803078890 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:43.803139925 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:44.009196043 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:44.009270906 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:44.215266943 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:44.217070103 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:44.423034906 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:44.423127890 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:44.629162073 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:44.632072926 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:44.838273048 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:46.357048988 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:46.563092947 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:46.563164949 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:46.768742085 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:47.180787086 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:47.386394978 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:47.386478901 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:47.592199087 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:47.592407942 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:47.798044920 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:47.798119068 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:48.003685951 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:48.003808022 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:48.209393978 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:48.209510088 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:48.415142059 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:48.415224075 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:48.620857954 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:48.620925903 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:48.826589108 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:48.826692104 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:49.034214973 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:49.034302950 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:49.239909887 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:49.242053986 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:49.447618008 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:51.721863031 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:51.927454948 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:51.927576065 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:52.133182049 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:52.133289099 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:52.338867903 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:52.338949919 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:52.544471025 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:52.544589043 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:52.750165939 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:52.750344038 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:52.955936909 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:52.955996037 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:53.161518097 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:53.161668062 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:53.367197990 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:53.453253031 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:53.658787966 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:53.658855915 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:53.864358902 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:55.010618925 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:55.216290951 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:55.216353893 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:55.422343969 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:55.422430992 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:55.628065109 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:55.628168106 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:55.833690882 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:55.833760977 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:56.039354086 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:56.039566994 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:56.245098114 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:56.441617012 CEST12194497143.125.209.94192.168.2.5
            Apr 30, 2024 23:58:56.534513950 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:58.659888029 CEST4971412194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:58.661123991 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:58.863971949 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:58:58.864124060 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:58.910495996 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:59.113416910 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:58:59.113478899 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:59.316334009 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:58:59.316431046 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:59.519284964 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:58:59.519380093 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:59.722265005 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:58:59.722393990 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:58:59.925184011 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:58:59.925275087 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:00.128086090 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:00.132179976 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:00.335020065 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:00.338119984 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:00.540889025 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:00.541081905 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:00.743908882 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:02.167164087 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:02.370026112 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:02.370110035 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:02.572858095 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:02.973426104 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:03.176232100 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:03.176322937 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:03.379340887 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:03.379417896 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:03.582115889 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:03.582180977 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:03.785023928 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:03.785235882 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:03.987946987 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:03.988055944 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:04.190905094 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:04.190989971 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:04.393801928 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:04.394078016 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:04.596961021 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:04.597155094 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:04.799992085 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:04.800185919 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:05.003014088 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:05.003093004 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:05.206006050 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:07.527448893 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:07.730293036 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:07.730389118 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:07.933162928 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:07.933341980 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:08.136132956 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:08.136202097 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:08.339042902 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:08.339250088 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:08.542076111 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:08.542196989 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:08.745105028 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:08.745189905 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:08.947973013 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:08.948263884 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:09.151051044 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:09.151240110 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:09.354021072 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:09.354132891 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:09.556941032 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:09.557149887 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:09.759959936 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:09.760166883 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:09.963049889 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:09.963239908 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:10.166022062 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:10.168104887 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:10.370894909 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:10.372188091 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:10.401942015 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:10.404237986 CEST4971512194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:10.575104952 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:10.606975079 CEST12194497153.125.209.94192.168.2.5
            Apr 30, 2024 23:59:12.546258926 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:12.752588987 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:12.752696991 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:12.799714088 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:13.005894899 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:13.005954027 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:13.212116003 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:13.212207079 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:13.420660973 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:13.420732975 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:13.626857996 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:13.626918077 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:13.833153009 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:13.833317995 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:14.039458036 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:16.189189911 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:16.395522118 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:16.395596027 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:16.601809025 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:16.602076054 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:16.808264017 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:16.808360100 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:17.014518023 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:17.014647961 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:17.220375061 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:17.220493078 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:17.426261902 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:17.426373959 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:17.632261992 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:17.632417917 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:17.838129997 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:17.838232040 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:18.043965101 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:18.044195890 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:18.249991894 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:18.250068903 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:18.455868006 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:20.636272907 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:20.842232943 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:20.842314005 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:21.048154116 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:21.048297882 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:21.254057884 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:21.254122019 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:21.459826946 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:21.460124969 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:21.665888071 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:21.666105986 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:21.871953964 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:21.872181892 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:22.077987909 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:22.078047991 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:22.283778906 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:22.286117077 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:22.491792917 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:22.494184971 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:22.699928045 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:22.700020075 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:22.906994104 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:22.908238888 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:23.115827084 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:23.116121054 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:23.321829081 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:23.323333979 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:23.529093981 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:23.529277086 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:23.735025883 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:23.735153913 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:23.940865993 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:23.940948963 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:24.146729946 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:24.146922112 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:24.353178978 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:24.353391886 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:24.559726000 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:24.559794903 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:24.765748978 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:24.766005993 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:24.971813917 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:24.971926928 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:25.177678108 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:25.177802086 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:25.383524895 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:25.700670004 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:25.906512022 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:25.906661987 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:26.112438917 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:27.062175989 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:27.267926931 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:27.268124104 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:27.473848104 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:27.473929882 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:27.679771900 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:27.679827929 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:27.885529041 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:27.885586023 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:28.091430902 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:28.091722965 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:28.297452927 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:28.297743082 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:28.503485918 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:28.503791094 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:28.709589958 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:28.709676981 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:28.915385962 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:28.915512085 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:29.121175051 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:29.121383905 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:29.327267885 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:29.327339888 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:29.533520937 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:29.533620119 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:29.739712954 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:29.739840984 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:29.945950031 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:29.946026087 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:30.152179003 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:30.152250051 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:30.358469963 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:30.358655930 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:30.564815044 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:30.564903021 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:30.771063089 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:30.771265030 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:30.977440119 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:30.977525949 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:31.183696985 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:33.401119947 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:33.607314110 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:33.607366085 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:33.813646078 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:33.813980103 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:34.020318985 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:34.020492077 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:34.226703882 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:34.227022886 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:34.433339119 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:34.433521986 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:34.639671087 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:34.639870882 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:34.846014023 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:34.846241951 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:35.052479029 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:35.052664995 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:35.261276960 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:35.261477947 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:35.469512939 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:35.469585896 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:35.675743103 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:37.850553036 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:38.056845903 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:38.056963921 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:38.263118982 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:38.263215065 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:38.469842911 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:38.469907999 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:38.676184893 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:38.676362038 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:38.882519007 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:38.882715940 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:39.088881016 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:39.088948011 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:39.295108080 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:39.295300961 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:39.501458883 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:39.501666069 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:39.707848072 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:39.707945108 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:39.914207935 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:39.914314032 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:40.120507956 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:40.120577097 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:40.326756001 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:41.407114983 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:41.613400936 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:42.218854904 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:42.425088882 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:42.535420895 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:42.741750956 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:43.237164021 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:43.443931103 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:44.148170948 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:44.354465008 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:44.354537010 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:44.560805082 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:44.560935020 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:44.767201900 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:44.767328978 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:44.973644972 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:44.973731995 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:44.981462002 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:44.981530905 CEST4971612194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:45.179997921 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:45.187629938 CEST12194497163.125.209.94192.168.2.5
            Apr 30, 2024 23:59:46.988972902 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:47.196652889 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:47.196748018 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:47.258002043 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:47.465590954 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:47.465759993 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:47.673358917 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:47.673438072 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:47.881093025 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:47.881186962 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:48.088779926 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:48.088846922 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:48.296467066 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:48.298111916 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:48.505713940 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:48.505791903 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:48.713419914 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:48.714101076 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:48.921880960 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:48.922136068 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:49.129795074 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:49.129875898 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:49.337421894 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:49.337567091 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:49.545206070 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:49.545361042 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:49.752473116 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:49.752557039 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:49.959635973 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:49.959753990 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:50.166980028 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:50.167128086 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:50.374186039 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:50.374291897 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:50.581382036 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:50.581485033 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:50.788598061 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:50.788734913 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:50.995824099 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:50.995938063 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:51.203923941 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:51.204049110 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:51.411279917 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:51.411380053 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:51.618463039 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:51.618547916 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:51.825730085 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:51.825887918 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:52.033178091 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:52.033255100 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:52.240438938 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:52.240560055 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:52.447776079 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:52.447845936 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:52.655096054 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:52.655196905 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:52.862397909 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:53.996347904 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:54.203481913 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:54.702233076 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:54.909405947 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:54.909521103 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:55.116719007 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:55.116776943 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:55.323932886 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:55.324129105 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:55.531258106 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:55.531474113 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:55.738619089 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:55.738763094 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:55.946032047 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:55.946119070 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:56.153150082 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:56.153264046 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:56.360363960 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:56.360461950 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:56.567625046 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:56.567713976 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:56.774775028 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:56.774897099 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:56.981937885 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:58.675340891 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:58.882540941 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:59.030349970 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:59.237514973 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:59.237585068 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:59.444652081 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:59.444850922 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:59.651885986 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:59.651957035 CEST4971712194192.168.2.53.125.209.94
            Apr 30, 2024 23:59:59.859004021 CEST12194497173.125.209.94192.168.2.5
            Apr 30, 2024 23:59:59.859175920 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:00.066680908 CEST12194497173.125.209.94192.168.2.5
            May 1, 2024 00:00:00.066977024 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:00.274615049 CEST12194497173.125.209.94192.168.2.5
            May 1, 2024 00:00:00.274678946 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:00.482265949 CEST12194497173.125.209.94192.168.2.5
            May 1, 2024 00:00:00.482409954 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:00.690013885 CEST12194497173.125.209.94192.168.2.5
            May 1, 2024 00:00:00.690104008 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:00.897618055 CEST12194497173.125.209.94192.168.2.5
            May 1, 2024 00:00:00.897718906 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:01.105288029 CEST12194497173.125.209.94192.168.2.5
            May 1, 2024 00:00:01.105393887 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:01.534558058 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:01.912604094 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:02.534542084 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:03.737632036 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:05.034511089 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:06.331481934 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:08.737641096 CEST4971712194192.168.2.53.125.209.94
            May 1, 2024 00:00:08.920176983 CEST12194497173.125.209.94192.168.2.5
            May 1, 2024 00:00:10.927508116 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:11.110032082 CEST12194497183.125.209.94192.168.2.5
            May 1, 2024 00:00:11.110184908 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:11.163302898 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:11.345779896 CEST12194497183.125.209.94192.168.2.5
            May 1, 2024 00:00:11.348180056 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:11.530633926 CEST12194497183.125.209.94192.168.2.5
            May 1, 2024 00:00:11.532192945 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:11.714601040 CEST12194497183.125.209.94192.168.2.5
            May 1, 2024 00:00:11.716140985 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:11.899192095 CEST12194497183.125.209.94192.168.2.5
            May 1, 2024 00:00:13.203327894 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:13.503248930 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:13.881637096 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:14.581389904 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:15.878259897 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:16.948297024 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:18.378288984 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:23.190782070 CEST4971812194192.168.2.53.125.209.94
            May 1, 2024 00:00:23.377923012 CEST12194497183.125.209.94192.168.2.5
            May 1, 2024 00:00:25.507342100 CEST4971912194192.168.2.518.158.249.75
            May 1, 2024 00:00:25.687975883 CEST121944971918.158.249.75192.168.2.5
            May 1, 2024 00:00:25.688124895 CEST4971912194192.168.2.518.158.249.75
            May 1, 2024 00:00:25.744680882 CEST4971912194192.168.2.518.158.249.75
            May 1, 2024 00:00:25.925707102 CEST121944971918.158.249.75192.168.2.5
            May 1, 2024 00:00:25.925837040 CEST4971912194192.168.2.518.158.249.75
            May 1, 2024 00:00:26.107503891 CEST121944971918.158.249.75192.168.2.5
            May 1, 2024 00:00:26.107640982 CEST4971912194192.168.2.518.158.249.75
            May 1, 2024 00:00:26.288676977 CEST121944971918.158.249.75192.168.2.5
            May 1, 2024 00:00:26.288804054 CEST4971912194192.168.2.518.158.249.75
            May 1, 2024 00:00:26.432045937 CEST121944971918.158.249.75192.168.2.5
            May 1, 2024 00:00:26.432135105 CEST4971912194192.168.2.518.158.249.75
            May 1, 2024 00:00:26.469285011 CEST121944971918.158.249.75192.168.2.5
            May 1, 2024 00:00:26.612653971 CEST121944971918.158.249.75192.168.2.5
            May 1, 2024 00:00:28.440948009 CEST4971912194192.168.2.518.158.249.75
            May 1, 2024 00:00:28.445189953 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:28.628536940 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:28.628619909 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:28.728190899 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:28.911582947 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:28.911844015 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:29.095015049 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:29.095103979 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:29.279177904 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:29.279453039 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:29.462738991 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:29.465296030 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:29.649094105 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:29.649158955 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:29.832356930 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:29.832429886 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:30.015530109 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:30.017169952 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:30.200234890 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:30.206140041 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:30.389316082 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:30.389395952 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:30.690798044 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:31.190767050 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:31.890819073 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:32.504379988 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:32.504499912 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:32.504617929 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:32.504709959 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:32.504776955 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:32.504841089 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:32.505044937 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:32.687792063 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:32.687810898 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:32.687822104 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:34.887124062 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:35.487634897 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:36.190798044 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:36.588124990 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:36.588200092 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:36.588417053 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:36.588490963 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:36.589027882 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:36.771348000 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:36.771420002 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:36.771876097 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:36.954739094 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:36.954827070 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:37.136540890 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:38.949012995 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:39.130995035 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:39.367624998 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:39.552145004 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:39.552217960 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:39.733947039 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:39.734081030 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:39.915962934 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:39.916044950 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:40.098417997 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:40.098505020 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:40.280267000 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:40.280371904 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:40.690857887 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:41.190720081 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:41.987637997 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:42.386043072 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:42.386199951 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:42.386205912 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:42.386287928 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:42.386708021 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:42.567985058 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:43.059451103 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:43.393836021 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:43.878221989 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:44.487617016 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:44.591336012 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.591427088 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:44.591476917 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.591490030 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.591516972 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:44.591532946 CEST4972012194192.168.2.518.158.249.75
            May 1, 2024 00:00:44.678555965 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.678570032 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.678992987 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.679111958 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.773098946 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.773152113 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:44.773185015 CEST121944972018.158.249.75192.168.2.5
            May 1, 2024 00:00:46.668131113 CEST4972112194192.168.2.518.158.249.75
            May 1, 2024 00:00:46.849423885 CEST121944972118.158.249.75192.168.2.5
            May 1, 2024 00:00:46.849526882 CEST4972112194192.168.2.518.158.249.75
            May 1, 2024 00:00:51.105125904 CEST4972112194192.168.2.518.158.249.75
            May 1, 2024 00:00:51.285756111 CEST121944972118.158.249.75192.168.2.5
            May 1, 2024 00:00:51.285831928 CEST4972112194192.168.2.518.158.249.75
            May 1, 2024 00:00:51.925108910 CEST4972112194192.168.2.518.158.249.75
            May 1, 2024 00:00:52.425162077 CEST4972112194192.168.2.518.158.249.75
            May 1, 2024 00:00:53.412506104 CEST121944972118.158.249.75192.168.2.5
            May 1, 2024 00:00:53.412537098 CEST121944972118.158.249.75192.168.2.5
            May 1, 2024 00:00:53.412636042 CEST4972112194192.168.2.518.158.249.75
            May 1, 2024 00:00:53.412667990 CEST4972112194192.168.2.518.158.249.75
            May 1, 2024 00:00:53.412673950 CEST121944972118.158.249.75192.168.2.5
            May 1, 2024 00:00:53.595674038 CEST121944972118.158.249.75192.168.2.5
            May 1, 2024 00:00:53.595698118 CEST121944972118.158.249.75192.168.2.5

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Apr 30, 2024 23:56:57.600882053 CEST5055553192.168.2.51.1.1.1
            Apr 30, 2024 23:56:57.707341909 CEST53505551.1.1.1192.168.2.5
            Apr 30, 2024 23:58:03.403989077 CEST5841353192.168.2.51.1.1.1
            Apr 30, 2024 23:58:03.513058901 CEST53584131.1.1.1192.168.2.5
            Apr 30, 2024 23:59:12.415384054 CEST6464653192.168.2.51.1.1.1
            Apr 30, 2024 23:59:12.544387102 CEST53646461.1.1.1192.168.2.5
            May 1, 2024 00:00:25.395133018 CEST6432853192.168.2.51.1.1.1
            May 1, 2024 00:00:25.505085945 CEST53643281.1.1.1192.168.2.5

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Apr 30, 2024 23:56:57.600882053 CEST192.168.2.51.1.1.10xc03dStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
            Apr 30, 2024 23:58:03.403989077 CEST192.168.2.51.1.1.10xe3dcStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
            Apr 30, 2024 23:59:12.415384054 CEST192.168.2.51.1.1.10xb73fStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
            May 1, 2024 00:00:25.395133018 CEST192.168.2.51.1.1.10xceddStandard query (0)0.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Apr 30, 2024 23:56:57.707341909 CEST1.1.1.1192.168.2.50xc03dNo error (0)0.tcp.eu.ngrok.io18.192.31.165A (IP address)IN (0x0001)false
            Apr 30, 2024 23:58:03.513058901 CEST1.1.1.1192.168.2.50xe3dcNo error (0)0.tcp.eu.ngrok.io3.125.209.94A (IP address)IN (0x0001)false
            Apr 30, 2024 23:59:12.544387102 CEST1.1.1.1192.168.2.50xb73fNo error (0)0.tcp.eu.ngrok.io3.125.209.94A (IP address)IN (0x0001)false
            May 1, 2024 00:00:25.505085945 CEST1.1.1.1192.168.2.50xceddNo error (0)0.tcp.eu.ngrok.io18.158.249.75A (IP address)IN (0x0001)false

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            System Behavior

            General

            Target ID:0
            Start time:23:56:46
            Start date:30/04/2024
            Path:C:\Users\user\Desktop\MFs7p6ab7w.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\MFs7p6ab7w.exe"
            Imagebase:0xe80000
            File size:44'032 bytes
            MD5 hash:4BB4804E6FA42FBA564672FF5932AEF0
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
            • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.1958187054.0000000000E82000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
            Reputation:low
            Has exited:false

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:7.1%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:100%
              Total number of Nodes:3
              Total number of Limit Nodes:0
              execution_graph 20109 17ea828 20111 17ea890 CreateProcessW 20109->20111 20112 17eaa2b 20111->20112

              Executed Functions

              Function 017EDC90 Relevance: 6.7, Strings: 5, Instructions: 438COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 0 17edc90-17edcc6 1 17edcce-17edcd4 0->1 124 17edcc8 call 17ed668 0->124 125 17edcc8 call 17edc90 0->125 2 17edcd6-17edcda 1->2 3 17edd24-17edd28 1->3 4 17edcdc-17edce1 2->4 5 17edce9-17edcf0 2->5 6 17edd3f-17edd53 3->6 7 17edd2a-17edd39 3->7 4->5 9 17eddc6-17ede03 5->9 10 17edcf6-17edcfd 5->10 8 17edd5b-17edd62 6->8 11 17edd3b-17edd3d 7->11 12 17edd65-17edd6f 7->12 22 17ede0e-17ede2e 9->22 23 17ede05-17ede0b 9->23 10->3 13 17edcff-17edd03 10->13 11->8 14 17edd79-17edd7d 12->14 15 17edd71-17edd77 12->15 16 17edd05-17edd0a 13->16 17 17edd12-17edd19 13->17 19 17edd85-17eddbf 14->19 20 17edd7f 14->20 15->19 16->17 17->9 21 17edd1f-17edd22 17->21 19->9 20->19 21->8 28 17ede35-17ede3c 22->28 29 17ede30 22->29 23->22 32 17ede3e-17ede49 28->32 31 17ee1c4-17ee1cd 29->31 33 17ede4f-17ede62 32->33 34 17ee1d5-17ee1e1 32->34 39 17ede78-17ede93 33->39 40 17ede64-17ede72 33->40 44 17edeb7-17edeba 39->44 45 17ede95-17ede9b 39->45 40->39 43 17ee14c-17ee153 40->43 43->31 48 17ee155-17ee157 43->48 49 17ee014-17ee01a 44->49 50 17edec0-17edec3 44->50 46 17ede9d 45->46 47 17edea4-17edea7 45->47 46->47 46->49 51 17ededa-17edee0 46->51 52 17ee106-17ee109 46->52 47->51 53 17edea9-17edeac 47->53 54 17ee159-17ee15e 48->54 55 17ee166-17ee16c 48->55 49->52 56 17ee020-17ee025 49->56 50->49 57 17edec9-17edecf 50->57 59 17edee6-17edee8 51->59 60 17edee2-17edee4 51->60 61 17ee10f-17ee115 52->61 62 17ee1d0 52->62 63 17edf46-17edf4c 53->63 64 17edeb2 53->64 54->55 55->34 65 17ee16e-17ee173 55->65 56->52 57->49 58 17eded5 57->58 58->52 67 17edef2-17edefb 59->67 60->67 68 17ee13a-17ee13e 61->68 69 17ee117-17ee11f 61->69 62->34 63->52 66 17edf52-17edf58 63->66 64->52 70 17ee1b8-17ee1bb 65->70 71 17ee175-17ee17a 65->71 73 17edf5e-17edf60 66->73 74 17edf5a-17edf5c 66->74 76 17edf0e-17edf36 67->76 77 17edefd-17edf08 67->77 68->43 78 17ee140-17ee146 68->78 69->34 75 17ee125-17ee134 69->75 70->62 79 17ee1bd-17ee1c2 70->79 71->62 72 17ee17c 71->72 80 17ee183-17ee188 72->80 81 17edf6a-17edf81 73->81 74->81 75->39 75->68 99 17edf3c-17edf41 76->99 100 17ee02a-17ee060 76->100 77->52 77->76 78->32 78->43 79->31 79->48 82 17ee1aa-17ee1ac 80->82 83 17ee18a-17ee18c 80->83 92 17edfac-17edfd3 81->92 93 17edf83-17edf9c 81->93 82->62 90 17ee1ae-17ee1b1 82->90 87 17ee18e-17ee193 83->87 88 17ee19b-17ee1a1 83->88 87->88 88->34 91 17ee1a3-17ee1a8 88->91 90->70 91->82 95 17ee17e-17ee181 91->95 92->62 104 17edfd9-17edfdc 92->104 93->100 105 17edfa2-17edfa7 93->105 95->62 95->80 99->100 106 17ee06d-17ee075 100->106 107 17ee062-17ee066 100->107 104->62 108 17edfe2-17ee00b 104->108 105->100 106->62 111 17ee07b-17ee080 106->111 109 17ee068-17ee06b 107->109 110 17ee085-17ee089 107->110 108->100 123 17ee00d-17ee012 108->123 109->106 109->110 112 17ee08b-17ee091 110->112 113 17ee0a8-17ee0ac 110->113 111->52 112->113 115 17ee093-17ee09b 112->115 116 17ee0ae-17ee0b4 113->116 117 17ee0b6-17ee0d2 113->117 115->62 118 17ee0a1-17ee0a6 115->118 116->117 120 17ee0db-17ee0df 116->120 117->120 118->52 120->52 121 17ee0e1-17ee0fd 120->121 121->52 123->100 124->1 125->1
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4414632707.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_17e0000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: (o]q$(o]q$(o]q$,aq$,aq
              • API String ID: 0-615190528
              • Opcode ID: 88aae78b1d157116ca1102dff02e41a9083452c57a435cbd2f5c17da4a81c815
              • Instruction ID: 8636b0a8bee2a1e9bc6532924d64f5d34bf4eaeb66769e091515fddf2fc2e52c
              • Opcode Fuzzy Hash: 88aae78b1d157116ca1102dff02e41a9083452c57a435cbd2f5c17da4a81c815
              • Instruction Fuzzy Hash: 59024070A00209DFDB15CFA9D988AADFBF6FF4C300F158869E9159B261DB31E881CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 017ED668 Relevance: 4.3, Strings: 3, Instructions: 539COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4414632707.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_17e0000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: (o]q$Haq$\;]q
              • API String ID: 0-1522892060
              • Opcode ID: 2fb2142054cf73946af39c10d6fad1df3c389015ea2ece7ecd130f56c5233ec4
              • Instruction ID: e59adc9d62f8ed5fdd97c287d56ef6a4b9f922585252d4a8106c0e48571e33b0
              • Opcode Fuzzy Hash: 2fb2142054cf73946af39c10d6fad1df3c389015ea2ece7ecd130f56c5233ec4
              • Instruction Fuzzy Hash: DC128370A002198FDB24DFA9D8986AEBBF6FF88300F148559E945DB3A5DF349D41CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 017EA81F Relevance: 1.7, APIs: 1, Instructions: 216processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 801 17ea81f-17ea89c 803 17ea89e-17ea8a4 801->803 804 17ea8a7-17ea8ae 801->804 803->804 805 17ea8b9-17ea8c0 804->805 806 17ea8b0-17ea8b6 804->806 807 17ea8df-17ea8e3 805->807 808 17ea8c2-17ea8de 805->808 806->805 809 17ea8e5-17ea8fb 807->809 810 17ea903-17ea913 807->810 808->807 809->810 811 17ea915-17ea931 810->811 812 17ea932-17ea936 810->812 811->812 813 17ea938-17ea94f 812->813 814 17ea957-17ea970 812->814 813->814 815 17ea97e-17ea987 814->815 816 17ea972-17ea97b 814->816 817 17ea989-17ea9a0 815->817 818 17ea9a2-17ea9a6 815->818 816->815 817->818 819 17ea9a8-17ea9b9 818->819 820 17ea9c1-17ea9d5 818->820 819->820 821 17ea9da-17eaa29 CreateProcessW 820->821 822 17ea9d7 820->822 823 17eaa2b-17eaa31 821->823 824 17eaa32-17eaa63 821->824 822->821 823->824 827 17eaa78-17eaa7c 824->827 828 17eaa65-17eaa69 824->828 830 17eaa7e-17eaa82 827->830 831 17eaa91-17eaa95 827->831 828->827 829 17eaa6b-17eaa6e 828->829 829->827 830->831 832 17eaa84-17eaa87 830->832 833 17eaaaa-17eaaae 831->833 834 17eaa97-17eaa9b 831->834 832->831 836 17eaabf 833->836 837 17eaab0-17eaabc 833->837 834->833 835 17eaa9d-17eaaa0 834->835 835->833 839 17eaac0 836->839 837->836 839->839
              APIs
              • CreateProcessW.KERNELBASE(?,?,00000000,00000000,?,?,?,00000000,00000000,?), ref: 017EAA19
              Memory Dump Source
              • Source File: 00000000.00000002.4414632707.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_17e0000_MFs7p6ab7w.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 34092495249b5a8d9796f8f4ad8dc5cc2f4a4e59e4ccb14b08df70005928f548
              • Instruction ID: e4524a901f15970def30d985890dee1090cd722cd6f9cbfd21a7e79fe060531a
              • Opcode Fuzzy Hash: 34092495249b5a8d9796f8f4ad8dc5cc2f4a4e59e4ccb14b08df70005928f548
              • Instruction Fuzzy Hash: 2C91E4B1E00309DFDB15CFA9C98879EFBF2AF88304F25812AE514A7250D774A985CF91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 017EA828 Relevance: 1.7, APIs: 1, Instructions: 215processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 840 17ea828-17ea89c 842 17ea89e-17ea8a4 840->842 843 17ea8a7-17ea8ae 840->843 842->843 844 17ea8b9-17ea8c0 843->844 845 17ea8b0-17ea8b6 843->845 846 17ea8df-17ea8e3 844->846 847 17ea8c2-17ea8de 844->847 845->844 848 17ea8e5-17ea8fb 846->848 849 17ea903-17ea913 846->849 847->846 848->849 850 17ea915-17ea931 849->850 851 17ea932-17ea936 849->851 850->851 852 17ea938-17ea94f 851->852 853 17ea957-17ea970 851->853 852->853 854 17ea97e-17ea987 853->854 855 17ea972-17ea97b 853->855 856 17ea989-17ea9a0 854->856 857 17ea9a2-17ea9a6 854->857 855->854 856->857 858 17ea9a8-17ea9b9 857->858 859 17ea9c1-17ea9d5 857->859 858->859 860 17ea9da-17eaa29 CreateProcessW 859->860 861 17ea9d7 859->861 862 17eaa2b-17eaa31 860->862 863 17eaa32-17eaa63 860->863 861->860 862->863 866 17eaa78-17eaa7c 863->866 867 17eaa65-17eaa69 863->867 869 17eaa7e-17eaa82 866->869 870 17eaa91-17eaa95 866->870 867->866 868 17eaa6b-17eaa6e 867->868 868->866 869->870 871 17eaa84-17eaa87 869->871 872 17eaaaa-17eaaae 870->872 873 17eaa97-17eaa9b 870->873 871->870 875 17eaabf 872->875 876 17eaab0-17eaabc 872->876 873->872 874 17eaa9d-17eaaa0 873->874 874->872 878 17eaac0 875->878 876->875 878->878
              APIs
              • CreateProcessW.KERNELBASE(?,?,00000000,00000000,?,?,?,00000000,00000000,?), ref: 017EAA19
              Memory Dump Source
              • Source File: 00000000.00000002.4414632707.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_17e0000_MFs7p6ab7w.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 6170355c8c2e3d34ce466860b4427c9b4f0b58cb5eac62b1f3e1c0455ff57106
              • Instruction ID: 83caeb82bbd58fad5165fcc01a6c81b6f248e8c819b05faa1be4a553ecc4cc66
              • Opcode Fuzzy Hash: 6170355c8c2e3d34ce466860b4427c9b4f0b58cb5eac62b1f3e1c0455ff57106
              • Instruction Fuzzy Hash: 9691E5B1D00309DFDB15CFA9C98879EFBF2AF88304F25852AE514A7250D774A945CF91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 017EF558 Relevance: 1.7, Strings: 1, Instructions: 409COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 879 17ef558-17ef56b 880 17ef6aa-17ef6b1 879->880 881 17ef571-17ef57a 879->881 882 17ef6b4 881->882 883 17ef580-17ef584 881->883 888 17ef6b9-17ef6e3 882->888 884 17ef59e-17ef5a5 883->884 885 17ef586 883->885 884->880 887 17ef5ab-17ef5b8 884->887 886 17ef589-17ef594 885->886 886->882 889 17ef59a-17ef59c 886->889 887->880 892 17ef5be-17ef5d1 887->892 893 17ef6e5-17ef6fd 888->893 889->884 889->886 894 17ef5d6-17ef5de 892->894 895 17ef5d3 892->895 899 17efa8a-17efa91 893->899 900 17ef703-17ef713 893->900 897 17ef64b-17ef64d 894->897 898 17ef5e0-17ef5e6 894->898 895->894 897->880 901 17ef64f-17ef655 897->901 898->897 902 17ef5e8-17ef5ee 898->902 903 17efb07 899->903 904 17efa93-17efada call 17ec3d0 899->904 905 17ef716-17ef71c 900->905 901->880 906 17ef657-17ef661 901->906 902->888 907 17ef5f4-17ef60c 902->907 914 17efb14-17efb16 903->914 904->903 908 17efa5a-17efa85 call 17ebf08 * 3 call 17ebf70 * 3 905->908 909 17ef722-17ef728 905->909 906->888 910 17ef663-17ef67b 906->910 924 17ef60e-17ef614 907->924 925 17ef639-17ef63c 907->925 908->899 912 17ef72a-17ef72f 909->912 913 17ef737-17ef73e 909->913 928 17ef67d-17ef683 910->928 929 17ef6a0-17ef6a3 910->929 912->913 913->899 917 17ef744-17ef74c 913->917 914->899 919 17efb1c-17efb23 914->919 927 17ef754-17ef756 917->927 919->893 924->888 930 17ef61a-17ef62e 924->930 925->882 932 17ef63e-17ef641 925->932 934 17ef76d-17ef775 927->934 935 17ef758-17ef765 927->935 928->888 936 17ef685-17ef699 928->936 929->882 938 17ef6a5-17ef6a8 929->938 930->888 945 17ef634 930->945 932->882 939 17ef643-17ef649 932->939 943 17ef77d-17ef77f 934->943 935->934 936->888 951 17ef69b 936->951 938->880 938->906 939->897 939->898 943->899 948 17ef785-17ef78c 943->948 945->925 949 17ef86a-17ef87d 948->949 950 17ef792 948->950 949->908 959 17ef883-17ef886 949->959 954 17ef798-17ef79e 950->954 951->929 958 17ef7a6-17ef7aa 954->958 963 17ef7b0-17ef7b8 958->963 959->908 961 17ef88c-17ef88f 959->961 961->908 964 17ef895-17ef898 961->964 966 17ef7ba 963->966 967 17ef825-17ef836 call 17e0140 963->967 964->908 968 17ef89e-17ef8a1 964->968 966->899 969 17ef7c1-17ef7d5 966->969 975 17ef83b 967->975 968->908 970 17ef8a7-17ef8d6 968->970 976 17ef808-17ef81a 969->976 977 17ef7d7-17ef801 969->977 970->908 984 17ef8dc-17ef8ee 970->984 980 17ef843-17ef865 975->980 976->905 982 17ef820 976->982 977->976 980->954 982->934 987 17ef8f7-17ef903 984->987 988 17ef8f0 984->988 987->908 992 17ef909-17ef90b 987->992 990 17ef964-17ef9af 988->990 991 17ef8f2-17ef8f5 988->991 990->905 1006 17ef9b5-17ef9b8 990->1006 991->987 991->990 994 17ef90d-17ef90f 992->994 995 17ef917-17ef91a 992->995 994->908 998 17ef915 994->998 995->908 999 17ef920-17ef923 995->999 998->999 999->908 1000 17ef929-17ef92c 999->1000 1000->908 1002 17ef932-17ef935 1000->1002 1002->908 1003 17ef93b-17ef93e 1002->1003 1003->908 1005 17ef944-17ef947 1003->1005 1005->908 1007 17ef94d-17ef959 1005->1007 1006->905 1008 17ef9be-17efa55 call 17e01b0 1006->1008 1007->990 1008->905
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4414632707.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_17e0000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: Te]q
              • API String ID: 0-52440209
              • Opcode ID: e59b1c7fdc750b37d193b682e9c00e330ef19485d32ed7b0f04015e50d507f77
              • Instruction ID: ce7564150698228668632809b61a0262accf56c5f8eeca073a3e377cffb56497
              • Opcode Fuzzy Hash: e59b1c7fdc750b37d193b682e9c00e330ef19485d32ed7b0f04015e50d507f77
              • Instruction Fuzzy Hash: E8F16731A002058FDB19DF79C98CA5DBBF2FF89320B158568E8259B7A6DB35EC41CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06067790 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1022 6067790-60677f6 1024 6067840-6067842 1022->1024 1025 60677f8-6067803 1022->1025 1026 6067844-606785d 1024->1026 1025->1024 1027 6067805-6067811 1025->1027 1034 606785f-606786b 1026->1034 1035 60678a9-60678ab 1026->1035 1028 6067834-606783e 1027->1028 1029 6067813-606781d 1027->1029 1028->1026 1030 6067821-6067830 1029->1030 1031 606781f 1029->1031 1030->1030 1033 6067832 1030->1033 1031->1030 1033->1028 1034->1035 1037 606786d-6067879 1034->1037 1036 60678ad-6067905 1035->1036 1046 6067907-6067912 1036->1046 1047 606794f-6067951 1036->1047 1038 606789c-60678a7 1037->1038 1039 606787b-6067885 1037->1039 1038->1036 1041 6067887 1039->1041 1042 6067889-6067898 1039->1042 1041->1042 1042->1042 1043 606789a 1042->1043 1043->1038 1046->1047 1048 6067914-6067920 1046->1048 1049 6067953-606796b 1047->1049 1050 6067922-606792c 1048->1050 1051 6067943-606794d 1048->1051 1056 60679b5-60679b7 1049->1056 1057 606796d-6067978 1049->1057 1052 6067930-606793f 1050->1052 1053 606792e 1050->1053 1051->1049 1052->1052 1055 6067941 1052->1055 1053->1052 1055->1051 1059 60679b9-6067a0a 1056->1059 1057->1056 1058 606797a-6067986 1057->1058 1060 6067988-6067992 1058->1060 1061 60679a9-60679b3 1058->1061 1067 6067a10-6067a1e 1059->1067 1062 6067996-60679a5 1060->1062 1063 6067994 1060->1063 1061->1059 1062->1062 1065 60679a7 1062->1065 1063->1062 1065->1061 1068 6067a27-6067a87 1067->1068 1069 6067a20-6067a26 1067->1069 1076 6067a97-6067a9b 1068->1076 1077 6067a89-6067a8d 1068->1077 1069->1068 1079 6067a9d-6067aa1 1076->1079 1080 6067aab-6067aaf 1076->1080 1077->1076 1078 6067a8f 1077->1078 1078->1076 1079->1080 1083 6067aa3 1079->1083 1081 6067ab1-6067ab5 1080->1081 1082 6067abf-6067ac3 1080->1082 1081->1082 1084 6067ab7 1081->1084 1085 6067ac5-6067ac9 1082->1085 1086 6067ad3-6067ad7 1082->1086 1083->1080 1084->1082 1085->1086 1087 6067acb 1085->1087 1088 6067ae7-6067aeb 1086->1088 1089 6067ad9-6067add 1086->1089 1087->1086 1091 6067aed-6067af1 1088->1091 1092 6067afb-6067aff 1088->1092 1089->1088 1090 6067adf 1089->1090 1090->1088 1091->1092 1095 6067af3 1091->1095 1093 6067b01-6067b05 1092->1093 1094 6067b0f 1092->1094 1093->1094 1096 6067b07 1093->1096 1097 6067b10 1094->1097 1095->1092 1096->1094 1097->1097
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: \Vl
              • API String ID: 0-682378881
              • Opcode ID: 81f466a1cbde1ce8ee819bd90fd4dacba481ae56663c0c25fdc869ee66b5e43a
              • Instruction ID: f84385e92f9c82e479f8dc3457e65c3530fd9a7484c344529755e7664348ad7a
              • Opcode Fuzzy Hash: 81f466a1cbde1ce8ee819bd90fd4dacba481ae56663c0c25fdc869ee66b5e43a
              • Instruction Fuzzy Hash: 7FB16E70E40209CFDB94CFAAC98579EBFF2AF88318F148529E415A7254EB749941CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06068060 Relevance: .3, Instructions: 266COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ec328d727a2ba664917d001be2cd1c716cccae803df3492191f9fd218bbe7892
              • Instruction ID: f5f2d16953b8e3d5fbbf0f202f9d5609f17fb2ef96b622d2a5bf4544aeeac310
              • Opcode Fuzzy Hash: ec328d727a2ba664917d001be2cd1c716cccae803df3492191f9fd218bbe7892
              • Instruction Fuzzy Hash: 03B16E70E00209CFDF94CFAAD98579DBFF2AF88314F14C529E814AB254EB749885CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06067784 Relevance: 1.5, Strings: 1, Instructions: 279COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1098 6067784-60677f6 1101 6067840-6067842 1098->1101 1102 60677f8-6067803 1098->1102 1103 6067844-606785d 1101->1103 1102->1101 1104 6067805-6067811 1102->1104 1111 606785f-606786b 1103->1111 1112 60678a9-60678ab 1103->1112 1105 6067834-606783e 1104->1105 1106 6067813-606781d 1104->1106 1105->1103 1107 6067821-6067830 1106->1107 1108 606781f 1106->1108 1107->1107 1110 6067832 1107->1110 1108->1107 1110->1105 1111->1112 1114 606786d-6067879 1111->1114 1113 60678ad-6067905 1112->1113 1123 6067907-6067912 1113->1123 1124 606794f-6067951 1113->1124 1115 606789c-60678a7 1114->1115 1116 606787b-6067885 1114->1116 1115->1113 1118 6067887 1116->1118 1119 6067889-6067898 1116->1119 1118->1119 1119->1119 1120 606789a 1119->1120 1120->1115 1123->1124 1125 6067914-6067920 1123->1125 1126 6067953-606796b 1124->1126 1127 6067922-606792c 1125->1127 1128 6067943-606794d 1125->1128 1133 60679b5-60679b7 1126->1133 1134 606796d-6067978 1126->1134 1129 6067930-606793f 1127->1129 1130 606792e 1127->1130 1128->1126 1129->1129 1132 6067941 1129->1132 1130->1129 1132->1128 1136 60679b9-60679cb 1133->1136 1134->1133 1135 606797a-6067986 1134->1135 1137 6067988-6067992 1135->1137 1138 60679a9-60679b3 1135->1138 1143 60679d2-6067a0a 1136->1143 1139 6067996-60679a5 1137->1139 1140 6067994 1137->1140 1138->1136 1139->1139 1142 60679a7 1139->1142 1140->1139 1142->1138 1144 6067a10-6067a1e 1143->1144 1145 6067a27-6067a87 1144->1145 1146 6067a20-6067a26 1144->1146 1153 6067a97-6067a9b 1145->1153 1154 6067a89-6067a8d 1145->1154 1146->1145 1156 6067a9d-6067aa1 1153->1156 1157 6067aab-6067aaf 1153->1157 1154->1153 1155 6067a8f 1154->1155 1155->1153 1156->1157 1160 6067aa3 1156->1160 1158 6067ab1-6067ab5 1157->1158 1159 6067abf-6067ac3 1157->1159 1158->1159 1161 6067ab7 1158->1161 1162 6067ac5-6067ac9 1159->1162 1163 6067ad3-6067ad7 1159->1163 1160->1157 1161->1159 1162->1163 1164 6067acb 1162->1164 1165 6067ae7-6067aeb 1163->1165 1166 6067ad9-6067add 1163->1166 1164->1163 1168 6067aed-6067af1 1165->1168 1169 6067afb-6067aff 1165->1169 1166->1165 1167 6067adf 1166->1167 1167->1165 1168->1169 1172 6067af3 1168->1172 1170 6067b01-6067b05 1169->1170 1171 6067b0f 1169->1171 1170->1171 1173 6067b07 1170->1173 1174 6067b10 1171->1174 1172->1169 1173->1171 1174->1174
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: \Vl
              • API String ID: 0-682378881
              • Opcode ID: ec9b4d9717725af1ac0e607126278ae1232c9dddf4d830bd137a83ddcd576e12
              • Instruction ID: c2a0529d7613b4d18dd5cb96825d0192e1d717983343ee0fb8ceaaf8abae009b
              • Opcode Fuzzy Hash: ec9b4d9717725af1ac0e607126278ae1232c9dddf4d830bd137a83ddcd576e12
              • Instruction Fuzzy Hash: 03B14C70E40209CFDB90CFAAC98579EBFF2EF88318F148529E815A7254EB749945CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606AE78 Relevance: 1.5, Strings: 1, Instructions: 260COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1175 606ae78-606ae80 1176 606aef2-606afe7 call 606a008 1175->1176 1177 606ae82-606aeb0 1175->1177 1195 606aff0-606aff9 1176->1195 1196 606afe9-606afef 1176->1196 1187 606aeb2-606aed2 1177->1187 1188 606aeeb-606aef1 1177->1188 1187->1188 1197 606aed4-606aee9 1187->1197 1198 606b060-606b065 1195->1198 1199 606affb-606b043 1195->1199 1196->1195 1197->1188 1201 606b067-606b06c 1198->1201 1202 606b072-606b0ae 1198->1202 1206 606b045-606b04b 1199->1206 1207 606b04c-606b055 1199->1207 1201->1202 1205 606b152-606b17e 1201->1205 1209 606b0b7-606b0c0 1202->1209 1210 606b0b0-606b0b6 1202->1210 1229 606b185-606b189 1205->1229 1206->1207 1207->1198 1213 606b057-606b059 1207->1213 1214 606b0c2-606b0fe 1209->1214 1215 606b11b-606b126 1209->1215 1210->1209 1213->1198 1221 606b107-606b110 1214->1221 1222 606b100-606b106 1214->1222 1236 606b128 call 606b2f7 1215->1236 1237 606b128 call 606b308 1215->1237 1221->1215 1225 606b112-606b114 1221->1225 1222->1221 1224 606b12e-606b150 1224->1229 1225->1215 1230 606b1a0-606b1a4 1229->1230 1231 606b18b-606b196 1229->1231 1232 606b1a6-606b1b1 1230->1232 1233 606b1bb-606b1c3 call 606a014 1230->1233 1231->1230 1232->1233 1236->1224 1237->1224
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: (aq
              • API String ID: 0-600464949
              • Opcode ID: c8eb9eaf1f16afe12b13381d52571c462cf0960642c7b4e5262f89a9903ef79e
              • Instruction ID: 81588d1fb45cb37ec898d4a77f2e590b9427d2c0980a01f24d8c5cbc9869d34d
              • Opcode Fuzzy Hash: c8eb9eaf1f16afe12b13381d52571c462cf0960642c7b4e5262f89a9903ef79e
              • Instruction Fuzzy Hash: B5A17FB0E403489FDB54EFA9C884B9EBFF5AF89300F148029E509EB394DB759885CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606B308 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1238 606b308-606b345 1239 606b34b 1238->1239 1240 606b4a9-606b4ce 1238->1240 1241 606b352-606b368 1239->1241 1249 606b4d5-606b57d 1240->1249 1247 606b39a-606b3ca 1241->1247 1248 606b36a-606b379 1241->1248 1252 606b3d3-606b3dc 1247->1252 1253 606b3cc-606b3d2 1247->1253 1254 606b37b-606b385 1248->1254 1255 606b388-606b395 1248->1255 1274 606b586-606b59a 1249->1274 1275 606b57f-606b585 1249->1275 1252->1249 1257 606b3e2-606b3e6 1252->1257 1253->1252 1254->1255 1263 606b49b-606b4a8 1255->1263 1257->1249 1260 606b3ec-606b419 1257->1260 1266 606b422-606b44f 1260->1266 1267 606b41b-606b421 1260->1267 1278 606b451-606b47f 1266->1278 1279 606b499 1266->1279 1267->1266 1275->1274 1278->1279 1283 606b481-606b497 1278->1283 1279->1263 1283->1279
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: (aq
              • API String ID: 0-600464949
              • Opcode ID: f8d04ed535dcd4eee444299e34a0d08471b268eab34e393f0257de7737ae1d04
              • Instruction ID: 6243fb7c2fb0570c98e090817a548b3d4e76ee7b5c0c12c5f24f5656d8a10bb2
              • Opcode Fuzzy Hash: f8d04ed535dcd4eee444299e34a0d08471b268eab34e393f0257de7737ae1d04
              • Instruction Fuzzy Hash: 31719BB0E402098FCB54EFAAC4447AEBFF5EF88300F208469E519E7354DB799901CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606919F Relevance: 1.4, Strings: 1, Instructions: 179COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1286 606919f-60691ca 1287 60691e1-60691f4 1286->1287 1288 60691cc-60691d0 1286->1288 1294 60691f6-60691fc 1287->1294 1295 60691ff-606920c 1287->1295 1289 60691d6-60691de 1288->1289 1290 606954c-606957b 1288->1290 1289->1287 1300 606957d-6069589 1290->1300 1301 60695b8 1290->1301 1294->1295 1298 606920e-6069217 1295->1298 1299 606921c-6069231 1295->1299 1306 606930c-606933a 1298->1306 1299->1306 1307 6069237-6069244 1299->1307 1300->1301 1308 606958b-6069594 1300->1308 1302 60695ba-60695bd 1301->1302 1344 606933d call 60695c0 1306->1344 1345 606933d call 60695d0 1306->1345 1307->1306 1312 606924a-606925e 1307->1312 1308->1301 1313 6069596-60695a4 1308->1313 1318 6069260-6069266 1312->1318 1319 6069298-60692a9 1312->1319 1313->1301 1320 60695a6-60695b4 1313->1320 1317 6069343-6069345 1321 6069541-6069549 1317->1321 1322 606926c-6069278 1318->1322 1323 6069268-606926a 1318->1323 1329 60692ad-60692b9 1319->1329 1330 60692ab 1319->1330 1320->1301 1328 60695b6 1320->1328 1326 606927a-6069287 1322->1326 1323->1326 1326->1319 1333 6069289-6069296 1326->1333 1328->1302 1332 60692bb-60692ca 1329->1332 1330->1332 1336 60692e3-60692e7 1332->1336 1333->1319 1340 60692cc-60692e1 1333->1340 1338 60692f2-60692f4 1336->1338 1339 60692e9-60692f0 1336->1339 1338->1321 1339->1338 1341 60692f9-6069307 1339->1341 1340->1336 1341->1321 1344->1317 1345->1317
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: d8bq
              • API String ID: 0-3484500975
              • Opcode ID: 40ef69d25e2e5c805ef4582251f1370a42c969076a6da9d8eddb42f68f738f06
              • Instruction ID: 0094dcb6671899ccc8e9234fbdf59fc07e0cdc1a0d7298045f7906a6ddbc0722
              • Opcode Fuzzy Hash: 40ef69d25e2e5c805ef4582251f1370a42c969076a6da9d8eddb42f68f738f06
              • Instruction Fuzzy Hash: FC616B30B4021A9FCF94DF69D554AAD7FF6AF88711F148069E902AB7A4CB70DC40CB94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06068A68 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1346 6068a68-6068a70 1347 6068a72-6068a80 1346->1347 1348 6068a81-6068bb3 1346->1348 1362 6068bb9-6068bc7 1348->1362 1363 6068bd0-6068c3e 1362->1363 1364 6068bc9-6068bcf 1362->1364 1372 6068c40 1363->1372 1373 6068c48-6068c4c 1363->1373 1364->1363 1372->1373 1374 6068c56 1373->1374 1375 6068c4e 1373->1375 1376 6068c57 1374->1376 1375->1374 1376->1376
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: Haq
              • API String ID: 0-725504367
              • Opcode ID: b157bca2ff3d9ea26dbe58ab9867756347bb96344a335153f86928dd18b63a5c
              • Instruction ID: 514041c6059a332e0d00529963628cc5b7f051c78cc8809d97fa9f9f4b5d4af8
              • Opcode Fuzzy Hash: b157bca2ff3d9ea26dbe58ab9867756347bb96344a335153f86928dd18b63a5c
              • Instruction Fuzzy Hash: 7E513970D01248DFCB54DFA9C994BDDBBF6BF49300F10846AE405AB2A4DB35AD45CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06068C83 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: PH]q
              • API String ID: 0-3168235125
              • Opcode ID: 07503df900f614eeae53684a2a7b855d111dbeb68c60c69ce7e9d17e5d30af0c
              • Instruction ID: a91f0f6c381f3772ca370b6cb2ed4554ad96d6f87d40f8afeb0d9303e89fa3e8
              • Opcode Fuzzy Hash: 07503df900f614eeae53684a2a7b855d111dbeb68c60c69ce7e9d17e5d30af0c
              • Instruction Fuzzy Hash: 47518174E002089FDB48DFB6D8987ADBBF2FF88700F148429E405AB294DB795885CB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606B9A8 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: Te]q
              • API String ID: 0-52440209
              • Opcode ID: c2ee9524c76bba92e78733ec43d8f475b8ac67ca4aba563b73aa3724ac4055eb
              • Instruction ID: 64e8a1ae1a5b6e2bcfdb4fa9018cc753cf8e47de7ad558452c2805393bcab680
              • Opcode Fuzzy Hash: c2ee9524c76bba92e78733ec43d8f475b8ac67ca4aba563b73aa3724ac4055eb
              • Instruction Fuzzy Hash: A0418BB0B501149FDB94CB6AD894BAEBBF2AF88714F148069E505EB3A5CB70DC41CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 060695D0 Relevance: .3, Instructions: 332COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ddab87abd559deb9fbf79c7b134e2c7c46327e47b7080a1ce8afdcc0ae53b73f
              • Instruction ID: 83031ace426119f35a626e0ea644e9f5813d4984d9f92d2efb4c37036d5b195f
              • Opcode Fuzzy Hash: ddab87abd559deb9fbf79c7b134e2c7c46327e47b7080a1ce8afdcc0ae53b73f
              • Instruction Fuzzy Hash: 27C18070B402169FCB599F69D894AAE7BF6FF88300F148469F9059B3A4DB34DD42CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 060620F8 Relevance: .3, Instructions: 307COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c29bf04fcb6077a35174d031a8ca9361795029d05db1682e388a32984b83c69
              • Instruction ID: 4409700b8332ade16e11fae2e5cfced43bb7c8005d1ee4bd4b95ba295728cc50
              • Opcode Fuzzy Hash: 5c29bf04fcb6077a35174d031a8ca9361795029d05db1682e388a32984b83c69
              • Instruction Fuzzy Hash: DCB1466284E3E45FDB039B7C89B09CA7FB4AF47200F0A40D7D090DB1A7D568994DC7AA
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06068054 Relevance: .3, Instructions: 262COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d7613a027c3a6801559feacbd512f74bcea5e5093fb7b5cae5f22806766ceb83
              • Instruction ID: 7691a795005217f6f7e0dca044802c341398d50d0ff4de57f99d2287dcb44b76
              • Opcode Fuzzy Hash: d7613a027c3a6801559feacbd512f74bcea5e5093fb7b5cae5f22806766ceb83
              • Instruction Fuzzy Hash: 63B17D70E40219CFDF90CFAAD98579DBFF1AF48314F14C529E814AB254EB749885CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606B650 Relevance: .1, Instructions: 135COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70694a40aadd3c376cd1fa573ed9fed509f5f626eedba407a41efb4e2caa3439
              • Instruction ID: e788701a79554a53e31fd2abb2790415fed5371a4270c09f52ecc6f3443fc33e
              • Opcode Fuzzy Hash: 70694a40aadd3c376cd1fa573ed9fed509f5f626eedba407a41efb4e2caa3439
              • Instruction Fuzzy Hash: 955123B0D402088FDB54DF9AC984BDEFBF5AF48310F248059E408AB260DB79A945CF90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606C348 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1d15b064368e2784833a8cc492d08b67344e8a26219192d8770588a820b9729
              • Instruction ID: eab1242f6f6b36d1670f255125f6792193d44cec5ed500eef2daea88c3a21a43
              • Opcode Fuzzy Hash: c1d15b064368e2784833a8cc492d08b67344e8a26219192d8770588a820b9729
              • Instruction Fuzzy Hash: 9C412835A512189FEB94DBAAD844AEDBBF5EF88310F048065F945E7260DB70EC41CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606A2D8 Relevance: .1, Instructions: 90COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2556d45d260c76f78dfd8692602a7f83846134d99715fcab74a5c3e3e8a0716d
              • Instruction ID: cb9e80c94207fa041c54a564e5cbe2698368802817dc2d4d145f49818d83d16e
              • Opcode Fuzzy Hash: 2556d45d260c76f78dfd8692602a7f83846134d99715fcab74a5c3e3e8a0716d
              • Instruction Fuzzy Hash: 56415BB4E80358DFDB64EFA6D9887DDBFF1AF48314F248019E405BA240DBB94884CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 060690B0 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9880d0ab2ac3dfc9b6674e642cf69ca8e84f28f288eaa6005e35928b9254b37d
              • Instruction ID: 6723b301acf9473d59ef1c43ab170f411cc5f003879c6bbcd981f17cb3ae5016
              • Opcode Fuzzy Hash: 9880d0ab2ac3dfc9b6674e642cf69ca8e84f28f288eaa6005e35928b9254b37d
              • Instruction Fuzzy Hash: E3215C31A0020AAFCF459F56D859AAE7FBAFB98310F148028FD168B210CB35DD65DB95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0143D01C Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4414383006.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_143d000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf69446f00df7deef454a0866d6b468419423e7d80fd514e651db39db2af826d
              • Instruction ID: 33a59aad41b4be4f5a53942b689cb4bb007e935fbd649b873f3722d4de3ef9cc
              • Opcode Fuzzy Hash: bf69446f00df7deef454a0866d6b468419423e7d80fd514e651db39db2af826d
              • Instruction Fuzzy Hash: 3B2103B1904200DFDB15DF68D980B16FF75FB88718F60C56AD94A0B366C33AD407CA61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 060690AB Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f3b3a87b0af90004387475bc2e4b86b55cbd10fcbc61eb6a263b83158d18c2ba
              • Instruction ID: 27706f4a13a588932d013cca77a3235ff7f388fd8a3d62915044c26377ee0a57
              • Opcode Fuzzy Hash: f3b3a87b0af90004387475bc2e4b86b55cbd10fcbc61eb6a263b83158d18c2ba
              • Instruction Fuzzy Hash: 7A219D31B4021A9FDB849F66E8497AD7BE5FB88321F044425F9058B740CB359D95CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 060689A0 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b481969a0bf9839eb45bd20df8458ee6b5899ee67aff31c3add9ff1a57e51064
              • Instruction ID: 5b153cf535442d3c05d162273e0c85c2fa483762c84a1333a818e75de69336f3
              • Opcode Fuzzy Hash: b481969a0bf9839eb45bd20df8458ee6b5899ee67aff31c3add9ff1a57e51064
              • Instruction Fuzzy Hash: E311A332B801158BEB94E6B998085EDBFE2EFC9214F014165E905A72D8DB764A41CBB2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606BBB0 Relevance: .1, Instructions: 64COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e147d7a0b9668f4b1b33d945423fca0479b87c4945e40b9523461030cd4c6ecd
              • Instruction ID: 1e88874a39b2588a874da87cd0a4463bcdf8393ac62fba632fb44e36d1f43aa5
              • Opcode Fuzzy Hash: e147d7a0b9668f4b1b33d945423fca0479b87c4945e40b9523461030cd4c6ecd
              • Instruction Fuzzy Hash: F211A332B500298B8F85B7B9DC188DD7FE5EF89611B0044A4F905FB368DF259D118BD2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606B2F7 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c72a4d5fb4a9f71a78efd045b52732c5342b86cc30fa49bdc08eec0b48173925
              • Instruction ID: 8ab226387db97b0708a4761759145b62d1bf5b53064034a3b16be67c64707451
              • Opcode Fuzzy Hash: c72a4d5fb4a9f71a78efd045b52732c5342b86cc30fa49bdc08eec0b48173925
              • Instruction Fuzzy Hash: EF11AFB5E402088FCF54DFAAC5449AEBFF9EF88210F108569E816E7314E735A911CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0143D006 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4414383006.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_143d000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 093daf1f70e89a40c8808294d50eaa0446d3ae0fb60b1171563e238f49fd6d0d
              • Instruction ID: 21744898a70317d95732fd21822a64dd9d42c9c27d7623c245afdcbb60ece5ef
              • Opcode Fuzzy Hash: 093daf1f70e89a40c8808294d50eaa0446d3ae0fb60b1171563e238f49fd6d0d
              • Instruction Fuzzy Hash: 672180755093808FDB03CF64D594716BF71EB8A214F28C5DBD8498F2A7C33A980ACB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06068F20 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 436bf99f7123249f0a56f140f6d91a2abb378698e007e3655ad6b6022ce1d49e
              • Instruction ID: ed4a59a4a779128d2941a1a237a70644e79e0ebc53d6a44440e47902c069605a
              • Opcode Fuzzy Hash: 436bf99f7123249f0a56f140f6d91a2abb378698e007e3655ad6b6022ce1d49e
              • Instruction Fuzzy Hash: D401B531B801165BEB59266E94242BE6AABDBC4750F004029E907DB784DE354D0543D6
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606BC70 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e50891643df9772455f2f54f8b460cbc51725d757632d3eeb9ab449be42cd534
              • Instruction ID: 61caf964799e85ba0a1d8355d0852b1b0b53c292057d89956f78484f38f5cd7c
              • Opcode Fuzzy Hash: e50891643df9772455f2f54f8b460cbc51725d757632d3eeb9ab449be42cd534
              • Instruction Fuzzy Hash: 851110B58006488FDB60DFAAC584B9EBFF4EF48320F208859E459A7250D778A944CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606A160 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b5aba631f4b2b2ad5aa2961c42f5a1170c4d9456dbf4e1b7d696c63a277e606c
              • Instruction ID: 52383e86516aff42514d2f7e37df0373657d3f81424400042229cae94dc6b902
              • Opcode Fuzzy Hash: b5aba631f4b2b2ad5aa2961c42f5a1170c4d9456dbf4e1b7d696c63a277e606c
              • Instruction Fuzzy Hash: D711E0B59006498FCB60DF9AC548B9EBBF4EF48324F208859E519A7250D778A944CFE1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606C321 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11f97e3ad434cafcff0629e59f527893e1f4e48012f4690b927bef35c7439ed8
              • Instruction ID: 519d4f7c003e9bb2dac0d283b8ef7f13acb4dad1b759227acd9e12b980c37c1d
              • Opcode Fuzzy Hash: 11f97e3ad434cafcff0629e59f527893e1f4e48012f4690b927bef35c7439ed8
              • Instruction Fuzzy Hash: 73017B31E042945BDB028BB9CC006DE7FB49F47200F0801AAE8D1E7292D7310406CBE0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06069D89 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c980e9ab901927e1c40597c9a077fc4f37b846f2b40fc0af0c656c5dcf1f3c6
              • Instruction ID: 4444991f9701627f15282f434b8e1655f0305ea7e75911d46d014ef3bbca5846
              • Opcode Fuzzy Hash: 0c980e9ab901927e1c40597c9a077fc4f37b846f2b40fc0af0c656c5dcf1f3c6
              • Instruction Fuzzy Hash: D4F09674D9520B9FE754DFB6D9417FEBFB1EB40301F00856AD80696601EA788486CFC1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06069B90 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6efd181831a271f89f9d5724b82d8de79924f2f5f9d55ef3ec47f3df72b3f43e
              • Instruction ID: 193fccd18904e215ccf9170a55de17d24420634629276992b3b62c93d58f2a7d
              • Opcode Fuzzy Hash: 6efd181831a271f89f9d5724b82d8de79924f2f5f9d55ef3ec47f3df72b3f43e
              • Instruction Fuzzy Hash: 45E09B7598510997CF996B74FD554FDBF34DF11201F040099EA4742991DA34065BCBD1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06068F1B Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9a43cef8d6c2b36693b0408234284f679b2483590fc985a4907a5fd3f311998a
              • Instruction ID: 8463691610826797ba97ff7d5a9e0361e32293c3b584ea9dc257438465828296
              • Opcode Fuzzy Hash: 9a43cef8d6c2b36693b0408234284f679b2483590fc985a4907a5fd3f311998a
              • Instruction Fuzzy Hash: E7E02236F402184BDB484A5CA1101EC73B2EBC8321B05006AD906A7340EF344E14878A
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606BBA0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 19f59e80b83bb3d0eedcfe598cb159f429d4c13c3cbeaecb1551c313a40f634d
              • Instruction ID: ada0ee2d5ca81e4c47d4fc30e90fa3cd058a7b4d26aefa25d6a0af9c7e404242
              • Opcode Fuzzy Hash: 19f59e80b83bb3d0eedcfe598cb159f429d4c13c3cbeaecb1551c313a40f634d
              • Instruction Fuzzy Hash: 31E0DF36E4012A8ADBA06D7DAD554EA7FA4DB85232F004664ED91E6258D72898224A82
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606A3EE Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36faa2f2837f97a3c09dcb02b2ca6fcb5de4317b860dcdcc1fd95e9e48f37afd
              • Instruction ID: ab9ae268d2cdde34c5db035321850928e9e559d4c73acda64462dc65659f2afa
              • Opcode Fuzzy Hash: 36faa2f2837f97a3c09dcb02b2ca6fcb5de4317b860dcdcc1fd95e9e48f37afd
              • Instruction Fuzzy Hash: 3FE06DF4AC4109CBEBA9EB61EE5D7ED7EB2EB84211F100515E006B9190CFB94D84CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606BE38 Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4aaef5b4a31256f1a09da69d867a2a1bff464775a98697ffaf481c69b4245d2d
              • Instruction ID: e8e718daa4b36ef47b6c1f83479ad29ac17f837f4308649a005b2a6b5a6c19bd
              • Opcode Fuzzy Hash: 4aaef5b4a31256f1a09da69d867a2a1bff464775a98697ffaf481c69b4245d2d
              • Instruction Fuzzy Hash: CFE0DF70A053848FCB50CB74D8009ADBFF0AF82204B1445DEE489C7312D6358E008781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606A681 Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9d272559a31e70fc144f3c3eaef2dc9abd9c0a74c60da6397ffbde3b4c8764d
              • Instruction ID: 7b145778de27c1f5251af009517ec807ccf7a8216e5ead49ec3de1bc4a60cab9
              • Opcode Fuzzy Hash: f9d272559a31e70fc144f3c3eaef2dc9abd9c0a74c60da6397ffbde3b4c8764d
              • Instruction Fuzzy Hash: FCE0D8B40853808FD3679B59ED05BD57F51E793304F00854DD4841A183DBBA58868B92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606BE48 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5626a72681c1bfca87b102d8014aac0feef5e3feb1b5f8d6b7aac4c42e74afe1
              • Instruction ID: f029ef7021b34d5cd6f40c951d0cadf3d6254fdbd6109cbb55d9508026284934
              • Opcode Fuzzy Hash: 5626a72681c1bfca87b102d8014aac0feef5e3feb1b5f8d6b7aac4c42e74afe1
              • Instruction Fuzzy Hash: 38D0C7747411089FCB44DB79D54585D7BF9DF8510575045D8E849D7311DA31DD104791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06069BA0 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 250637fa04791401488098ffd19c140ad78a5b871790055cde6635bde23f2ed1
              • Instruction ID: 0244c1bfebaaa5696383d681f7b34d7a3ca491360d3dd710f64252c969eb0ae3
              • Opcode Fuzzy Hash: 250637fa04791401488098ffd19c140ad78a5b871790055cde6635bde23f2ed1
              • Instruction Fuzzy Hash: 92D0127484410E8BCB1DAB64D95A4BDBF34EE10301F440059DA0752980DA341655CBD1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0606A690 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7cd1274533392eb609fcf1407e126b908e97ec0efded81b1b217da2cffb40317
              • Instruction ID: f72a86c480882d33c5d605db03bf367fc1b7928c1caeed28e2af4d2a823cc5df
              • Opcode Fuzzy Hash: 7cd1274533392eb609fcf1407e126b908e97ec0efded81b1b217da2cffb40317
              • Instruction Fuzzy Hash: 64D05EB40912408FD365EB9AEE09B893B56F7D7308F00C519D5081E642DBFAA8858F92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06069DEA Relevance: .0, Instructions: 6COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3daeaa97096b026c83210ca09a6da418862a033ab5d2ec3be49e9cb148f8f991
              • Instruction ID: ce7aa7a68ceb60deb1d88d392615ed866d8a067652c2f86d5d729a08668eb1fa
              • Opcode Fuzzy Hash: 3daeaa97096b026c83210ca09a6da418862a033ab5d2ec3be49e9cb148f8f991
              • Instruction Fuzzy Hash: 0AB0123058600A8B8718CA80E94507D7B32EB80202F0001C4E90A11C40DA310CA0C7C1
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Function 06068551 Relevance: 2.8, Strings: 2, Instructions: 264COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: Xaq$$]q
              • API String ID: 0-1280934391
              • Opcode ID: e89c4e4abb4249a5dd38e3d0c0d6ee55dab94e7173c600bfb6d7e5cc68289bac
              • Instruction ID: 5ec388a32daba819da690cb494725c37cf6a23427a29864938b29476b135e25c
              • Opcode Fuzzy Hash: e89c4e4abb4249a5dd38e3d0c0d6ee55dab94e7173c600bfb6d7e5cc68289bac
              • Instruction Fuzzy Hash: 4391A170F002198FDB589F79946427EBBA6BFC8710B14C82EE446E7298DF388D4287D1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 06067048 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID: \Vl
              • API String ID: 0-682378881
              • Opcode ID: 24e4bc84b5fb810c25b2a328ac2942f15cff0c195c1e47c664e42066c76d7db9
              • Instruction ID: 261e8d88b7dfbc095261c72a212dbbbc620a398c012d670960663f3773d6309e
              • Opcode Fuzzy Hash: 24e4bc84b5fb810c25b2a328ac2942f15cff0c195c1e47c664e42066c76d7db9
              • Instruction Fuzzy Hash: DD916F70E40209CFDF94CFAAC99579DBFF2BF88308F148529E415AB294EB349845CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 060615B0 Relevance: .4, Instructions: 396COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4421431682.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6060000_MFs7p6ab7w.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02d5b277de0c24a88b555b5d2a3f90c7f61a463427d94c7d6acd66124a517d11
              • Instruction ID: 1c76c96b5935a2c4983ca83ade5dcd69705baebef190cce3182f675eb6892285
              • Opcode Fuzzy Hash: 02d5b277de0c24a88b555b5d2a3f90c7f61a463427d94c7d6acd66124a517d11
              • Instruction Fuzzy Hash: F3F16F30E40209CFDB94DFAAC944BADBBF1FF48304F148599E409AB265DB74E985CB90
              Uniqueness

              Uniqueness Score: -1.00%